From cvs at cvs.gnupg.org Mon Sep 1 08:49:45 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 01 Sep 2014 08:49:45 +0200 Subject: [git] gnupg-doc - branch, master, updated. d312f13e757c690b7b90d2ad3abf958c05d3afe8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d312f13e757c690b7b90d2ad3abf958c05d3afe8 (commit) from 96e9b9a86bff1d0c55fae6b65f2c68b667a03628 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d312f13e757c690b7b90d2ad3abf958c05d3afe8 Author: Werner Koch Date: Mon Sep 1 08:50:01 2014 +0200 swdb: Fixed sha1 for libgcrypt 1.6.2. We need the one for the tar.bz2 and not the one for tar.gz. diff --git a/web/swdb.mac b/web/swdb.mac index 095ef2e..6580b39 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -69,7 +69,7 @@ # #+macro: libgcrypt_ver 1.6.2 #+macro: libgcrypt_size 2418k -#+macro: libgcrypt_sha1 cdaf2bdd5f34b20f4f9d926536673c15b857d2e6 +#+macro: libgcrypt_sha1 cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 1 09:58:34 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 01 Sep 2014 09:58:34 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-43-g03cb3b8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 03cb3b876c775675b722e7be05d35d1ef260cb1e (commit) via b97770ca320c21b879a1ea32b87cfdc76e9f1857 (commit) from 07abf32c7493179f7ee7fa191451f08aa5083cb6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 03cb3b876c775675b722e7be05d35d1ef260cb1e Author: Werner Koch Date: Mon Sep 1 09:58:44 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index d866edd..799f78b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 0.9.6 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 0.9.5 (2014-09-01) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index d8babbc..eac3a07 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.10" # (git tag -s gpa-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [0.9.5]) +m4_define([mym4_version], [0.9.6]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit b97770ca320c21b879a1ea32b87cfdc76e9f1857 Author: Werner Koch Date: Mon Sep 1 09:38:56 2014 +0200 Release 0.9.5. diff --git a/AUTHORS b/AUTHORS index 9a3c148..0211db9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,6 +1,6 @@ Program: GPA Maintainer: Werner Koch -Bug reports: http://bugs.gnupg.org +Bug reports: https://bugs.gnupg.org Security related bug reports: License: GPLv3+ diff --git a/NEWS b/NEWS index d7e1275..d866edd 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,29 @@ -Noteworthy changes in version 0.9.5 (unreleased) +Noteworthy changes in version 0.9.5 (2014-09-01) ------------------------------------------------ + * GPA now starts with the UI server enabled and tests on startup + whether such a server is already running to open that one instead + of launching a second instance. + + * GPA is now aware of ECC keys. + + * Improved detection of CMS objects (which are used by S/MIME) and + detached OpenPGP signatures. + + * Allow import and export of X.509 certificates. Allow backup of + X.509 keys. + + * The key creation date is now displayed in the key listing. + + * Armored detached signature files are now created with an ".asc" + suffix and not with ".sig". + + * The GnuPG home directory is now detected using the gpgconf tool. + + * Added launch-gpa wrapper for Windows. + + * Fixed several bugs leading to crashs. + Noteworthy changes in version 0.9.4 (2013-05-01) ------------------------------------------------ diff --git a/README b/README index 7ca2aaf..3985583 100644 --- a/README +++ b/README @@ -9,7 +9,7 @@ files, to verify signatures and to manage the private and public keys. Copyright (C) 2000-2002 G-N-U GmbH (http://www.g-n-u.de) Copyright (C) 2002-2004 Miguel Coca. -Copyright (C) 2005-2013 g10 Code GmbH +Copyright (C) 2005-2014 g10 Code GmbH GPA uses fragments from the following programs and libraries: JNLIB, Copyright (C) 1998-2000 Free Software Foundation, Inc. diff --git a/configure.ac b/configure.ac index c836ba0..d8babbc 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # configure.ac for GPA # Copyright (C) 2000, 2001 Werner Koch # Copyright (C) 2002, 2003, 2004 Miguel Coca -# Copyright (C) 2005-2013 g10 Code GmbH +# Copyright (C) 2005-2014 g10 Code GmbH # # This file is part of GPA. # diff --git a/po/ar.po b/po/ar.po index 2ca191a..e778a2c 100644 --- a/po/ar.po +++ b/po/ar.po @@ -291,7 +291,7 @@ msgid "Open the settings dialog" msgstr "???????? ???????? ??????????????????" #, fuzzy -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "???????? ?????? ?????????? ?????????? ???????????????? (?????????? ???--cms??? ????????)" msgid "Disable support for X.509" @@ -300,6 +300,9 @@ msgstr "" msgid "Read options from file" msgstr "???????? ???????????????? ???? ????????" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[??????...]" @@ -355,8 +358,8 @@ msgstr "?????? ?????? ?????????? ?????????? ??????????????????." msgid "Backup key to file" msgstr "???????? ???????? ???????????????? ???? ?????????????? ???? ????????" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "???????? ?????? ??????????????: %s" msgid "The keys have been copied to the clipboard." @@ -563,40 +566,46 @@ msgstr "?????????????? ?????????????? ????????????" msgid "Status" msgstr "????????????" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "????????????????????" msgid "Size" msgstr "??????????" -msgid "Expiry Date" -msgstr "?????????? ????????????????" +#, fuzzy +msgid "Created" +msgstr "?????????? ????:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "???????????? ??????????????" + +msgid "S" msgstr "" msgid "Can sign" msgstr "???????? ?????????????? ????" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "???????? ?????????????? ????" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "???????? ?????????????? ????" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "???????? ?????????????????? ????" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1004,6 +1013,9 @@ msgstr "?????? ??????????????" msgid "Change _passphrase" msgstr "???????? _?????????? ????????" +msgid "Expiry Date" +msgstr "?????????? ????????????????" + msgid "Change _expiration" msgstr "???????? _?????????? ???????????? ????????????????" @@ -1142,6 +1154,10 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "???????????? ?????????????? ???? ?????? ???????? ???????????? ??????????????." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "?????????? ???????????????? ???? ?????????????? ???????? ?????????? ???????? ???????????? ??????????????." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "?????????? ???????????????? ???? ?????????????? ???????? ?????????? ???????? ???????????? ??????????????." diff --git a/po/de.po b/po/de.po index 831a12e..0b5886f 100644 --- a/po/de.po +++ b/po/de.po @@ -269,7 +269,8 @@ msgstr "Zwischenablage ??ffnen" msgid "Open the settings dialog" msgstr "??ffne den Dialog f??r die Einstellungen" -msgid "Enable the UI server" +#, fuzzy +msgid "Only start the UI server" msgstr "Den UI Server aktivieren" msgid "Disable support for X.509" @@ -278,6 +279,9 @@ msgstr "Keine Unterst??tzung von X.509" msgid "Read options from file" msgstr "Optionen aus einer Datei lesen" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[DATEI...]" @@ -331,8 +335,8 @@ msgstr "Beim Erstellen der Datensicherung ist ein Fehler aufgetreten." msgid "Backup key to file" msgstr "_Sicherheitskopie des Schl??ssels in Datei:" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Sicherheitskopie von Schl??ssel %s erstellen" msgid "The keys have been copied to the clipboard." @@ -536,41 +540,47 @@ msgstr "Kennung des untergeordneten Schl??ssels" msgid "Status" msgstr "G??ltigkeit der Beglaubigung" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "_Verschl??sselungsalgorithmus" msgid "Size" msgstr "Gr????e" -msgid "Expiry Date" -msgstr "Verfallsdatum" +#, fuzzy +msgid "Created" +msgstr "Erstellen" -msgid "[S]" -msgstr "[S]" +#, fuzzy +msgid "Expires" +msgstr "Abgelaufen" + +msgid "S" +msgstr "" msgid "Can sign" msgstr "Zum Signieren verwendbar" -msgid "[C]" -msgstr "[C]" +msgid "C" +msgstr "" msgid "Can certify" msgstr "Zum ??berpr??fen verwendbar" -msgid "[E]" -msgstr "[E]" +msgid "E" +msgstr "" msgid "Can encrypt" msgstr "Zum Verschl??sseln verwendbar" -msgid "[A]" -msgstr "[A]" +msgid "A" +msgstr "" msgid "Can authenticate" msgstr "Zum Authentifizieren verwendbar" -msgid "[T]" -msgstr "[T]" +msgid "T" +msgstr "" msgid "Secret key stored on a smartcard." msgstr "Geheimer Schl??ssel befindet sich auf einer Smartcard" @@ -974,6 +984,9 @@ msgstr "Schl??ssel bearbeiten" msgid "Change _passphrase" msgstr "_Passwortsatz ??ndern" +msgid "Expiry Date" +msgstr "Verfallsdatum" + msgid "Change _expiration" msgstr "_Verfallsdatum ??ndern" @@ -1117,6 +1130,10 @@ msgstr "" "Die Schl??sselkennung (Key ID) is eine kurze Zahl zur Identifizerung eines " "Zertifikats." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "Das Ablaufdatum ist das Datum bis zu dem das Zertifikat g??ltig ist." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "Das Ablaufdatum ist das Datum bis zu dem das Zertifikat g??ltig ist." @@ -2236,6 +2253,21 @@ msgstr "" "k??nnen jedoch mit dem Knopf zur Anwendungsauswahl auf eine andere, auf der " "Karte verf??gbare, Anwendung umschalten." +#~ msgid "[S]" +#~ msgstr "[S]" + +#~ msgid "[C]" +#~ msgstr "[C]" + +#~ msgid "[E]" +#~ msgstr "[E]" + +#~ msgid "[A]" +#~ msgstr "[A]" + +#~ msgid "[T]" +#~ msgstr "[T]" + #~ msgid "GNU Privacy Assistant - Clipboard" #~ msgstr "GNU Privacy Assistant - Zwischenablage" @@ -2865,9 +2897,6 @@ msgstr "" #~ msgid "C_reate" #~ msgstr "_Erstellen" -#~ msgid "Create" -#~ msgstr "Erstellen" - #~ msgid "" #~ "The filename \"%s\" contains symbols that are not allowed in filenames" #~ msgstr "" diff --git a/po/es.po b/po/es.po index 6359507..5b664c6 100644 --- a/po/es.po +++ b/po/es.po @@ -294,7 +294,7 @@ msgid "Open the settings dialog" msgstr "Abrir la ventana de preferencias" #, fuzzy -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "Iniciar solo el servicio de interface de usuario (implica --cms)" msgid "Disable support for X.509" @@ -303,6 +303,9 @@ msgstr "" msgid "Read options from file" msgstr "Leer opciones desde un archivo" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[ARCHIVO...]" @@ -358,8 +361,8 @@ msgstr "Un error ocurri?? durante la operaci??n de respaldo." msgid "Backup key to file" msgstr "Archivo de copia de seguridad:" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Haciendo copia de seguridad de la clave: %s" msgid "The keys have been copied to the clipboard." @@ -569,40 +572,46 @@ msgstr "ID de Subclave" msgid "Status" msgstr "Estado" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algoritmo" msgid "Size" msgstr "Tama??o" -msgid "Expiry Date" -msgstr "Fecha de Caducidad" +#, fuzzy +msgid "Created" +msgstr "Creada el:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Caducada" + +msgid "S" msgstr "" msgid "Can sign" msgstr "Puede firmar" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Puede certificar" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Puede cifrar" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Puede autenticar" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1015,6 +1024,9 @@ msgstr "Editar Clave" msgid "Change _passphrase" msgstr "Cambiar contra_se??a" +msgid "Expiry Date" +msgstr "Fecha de Caducidad" + msgid "Change _expiration" msgstr "Cambiar ca_ducidad" @@ -1161,6 +1173,11 @@ msgstr "" "El identificador de clave (key ID) es un n??mero corto para identificar el " "certificado." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "" +"La Fecha de Caducidad es la fecha hasta la cual el certificado es v??lido." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" "La Fecha de Caducidad es la fecha hasta la cual el certificado es v??lido." diff --git a/po/fr.po b/po/fr.po index a4b1932..3f3113d 100644 --- a/po/fr.po +++ b/po/fr.po @@ -277,7 +277,7 @@ msgid "Open the settings dialog" msgstr "Ouvrir la fen??tre des pr??f??rences" #, fuzzy -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" "D??marrer seulement le serveur d'interface graphique (implique ?? --cms ??)" @@ -287,6 +287,9 @@ msgstr "" msgid "Read options from file" msgstr "Lire les options depuis le fichier" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[FICHIER???]" @@ -339,8 +342,8 @@ msgstr "Une erreur est survenue lors de l'op??ration de sauvegarde." msgid "Backup key to file" msgstr "Sauvegarder la clef dans le fichier??:" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "G??n??ration de la sauvegarde de clef??: %s" msgid "The keys have been copied to the clipboard." @@ -555,40 +558,46 @@ msgstr "ID de sous-clef" msgid "Status" msgstr "??tat" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algorithme" msgid "Size" msgstr "Taille" -msgid "Expiry Date" -msgstr "Expiration" +#, fuzzy +msgid "Created" +msgstr "Cr????e le :" + +#, fuzzy +msgid "Expires" +msgstr "Expir??e" -msgid "[S]" +msgid "S" msgstr "" msgid "Can sign" msgstr "Signe" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Certifie" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Chiffre" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Authentifie" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -994,6 +1003,9 @@ msgstr "??diter la clef" msgid "Change _passphrase" msgstr "Changer le mot de _passe" +msgid "Expiry Date" +msgstr "Expiration" + msgid "Change _expiration" msgstr "Changer l'_expiration" @@ -1140,6 +1152,12 @@ msgstr "" "L'identificateur de clef est une suite de chiffres et de lettres servant ?? " "identifier un certificat." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "" +"La date d'expiration indique la date ?? laquelle le certificat cesse d'??tre " +"valide." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" "La date d'expiration indique la date ?? laquelle le certificat cesse d'??tre " diff --git a/po/ja.po b/po/ja.po index 1ebec66..ae95e4f 100644 --- a/po/ja.po +++ b/po/ja.po @@ -304,7 +304,7 @@ msgstr " msgid "Open the settings dialog" msgstr "????????????????????" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -314,6 +314,9 @@ msgstr "" msgid "Read options from file" msgstr "??????????????????????????" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -375,8 +378,8 @@ msgstr "" msgid "Backup key to file" msgstr "??????????????????????????????" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "??????????????????????????: %s" msgid "The keys have been copied to the clipboard." @@ -580,40 +583,46 @@ msgstr " msgid "Status" msgstr "??????????" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "????????????" msgid "Size" msgstr "??????" -msgid "Expiry Date" -msgstr "????????" +#, fuzzy +msgid "Created" +msgstr "????" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "????????" + +msgid "S" msgstr "" msgid "Can sign" msgstr "????????" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "????????" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "??????????" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "????????" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1022,6 +1031,9 @@ msgstr " msgid "Change _passphrase" msgstr "?????????????????? (_P)" +msgid "Expiry Date" +msgstr "????????" + msgid "Change _expiration" msgstr "?????????????? (_E)" @@ -1159,6 +1171,9 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "????????????????????????" +msgid "The Creation Date is the date the certificate was created." +msgstr "" + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" @@ -2854,9 +2869,6 @@ msgstr "" #~ msgid "C_reate" #~ msgstr "???? (_R)" -#~ msgid "Create" -#~ msgstr "????" - #~ msgid "" #~ "The filename \"%s\" contains symbols that are not allowed in filenames" #~ msgstr "\"%s\" ??????????????????????????????????????????????????????????" diff --git a/po/nl.po b/po/nl.po index 534b40e..38f9190 100644 --- a/po/nl.po +++ b/po/nl.po @@ -301,7 +301,7 @@ msgstr "Naar _klembord" msgid "Open the settings dialog" msgstr "Open de voorkeuren dialoog" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -311,6 +311,9 @@ msgstr "" msgid "Read options from file" msgstr "lees opties van bestand" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -372,8 +375,8 @@ msgstr "" msgid "Backup key to file" msgstr "_Backup sleutel naar bestand:" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Genereren van backup van sleutel: %s" msgid "The keys have been copied to the clipboard." @@ -579,40 +582,46 @@ msgstr "Subsleutels ID" msgid "Status" msgstr "Status" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algoritme" msgid "Size" msgstr "Grootte" -msgid "Expiry Date" -msgstr "Verval datum" +#, fuzzy +msgid "Created" +msgstr "Maken" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Vervallen" + +msgid "S" msgstr "" msgid "Can sign" msgstr "Kan ondertekend worden" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Kan gecertifieerd worden" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Kan versleuteld worden" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Kan geauthenticeerd worden" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1026,6 +1035,9 @@ msgstr "Bewerk sleutel" msgid "Change _passphrase" msgstr "Verkeerd wachtwoord!" +msgid "Expiry Date" +msgstr "Verval datum" + msgid "Change _expiration" msgstr "_Verander verval datum" @@ -1166,6 +1178,9 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "De sleutel kan alleen gebruikt worden voor certificatie." +msgid "The Creation Date is the date the certificate was created." +msgstr "" + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" @@ -2854,9 +2869,6 @@ msgstr "" #~ msgid "C_reate" #~ msgstr "_Maken" -#~ msgid "Create" -#~ msgstr "Maken" - #~ msgid "" #~ "The filename \"%s\" contains symbols that are not allowed in filenames" #~ msgstr "" diff --git a/po/pl.po b/po/pl.po index 32a84c7..d527047 100644 --- a/po/pl.po +++ b/po/pl.po @@ -297,7 +297,7 @@ msgstr "" msgid "Open the settings dialog" msgstr "Otwiera okno dialogowe z ustawieniami" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -307,6 +307,9 @@ msgstr "" msgid "Read options from file" msgstr "odczytuje opcje z podanego pliku" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -369,8 +372,8 @@ msgstr "" msgid "Backup key to file" msgstr "Wykonaj kopi?? zapasow?? klucza do pliku" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Generowanie kopii zapasowej klucza: %s" msgid "The keys have been copied to the clipboard." @@ -578,40 +581,46 @@ msgstr "Identyfikator podklucza" msgid "Status" msgstr "Stan" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algorytm" msgid "Size" msgstr "Rozmiar" -msgid "Expiry Date" -msgstr "Data ko??ca wa??no??ci" +#, fuzzy +msgid "Created" +msgstr "Utworzony dnia:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Po terminie wa??no??ci" + +msgid "S" msgstr "" msgid "Can sign" msgstr "Mo??na podpisywa??" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Mo??na po??wiadcza??" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Mo??na szyfrowa??" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Mo??na autoryzowa??" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1028,6 +1037,9 @@ msgstr "Edycja klucza" msgid "Change _passphrase" msgstr "Zmie?? _has??o" +msgid "Expiry Date" +msgstr "Data ko??ca wa??no??ci" + msgid "Change _expiration" msgstr "Zmie?? dat?? utraty _wa??no??ci" @@ -1170,6 +1182,9 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "Ten klucz mo??e by?? u??yty tylko do certyfikat??w." +msgid "The Creation Date is the date the certificate was created." +msgstr "" + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po index 9338c50..053955a 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -300,7 +300,7 @@ msgstr "" msgid "Open the settings dialog" msgstr "Abrir caixa de di?logo das Prefer?ncias" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -310,6 +310,9 @@ msgstr "" msgid "Read options from file" msgstr "ler as prefer?ncias do arquivo" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -372,8 +375,8 @@ msgstr "" msgid "Backup key to file" msgstr "E_xportar para o arquivo:" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Gerando backup de chave: %s" msgid "The keys have been copied to the clipboard." @@ -582,42 +585,47 @@ msgid "Status" msgstr "Status" #, fuzzy -msgid "Algorithm" +msgid "Algo" msgstr "_Algoritmo:" msgid "Size" msgstr "" -msgid "Expiry Date" -msgstr "Date de expira??o" +#, fuzzy +msgid "Created" +msgstr "Criado" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Expirado" + +msgid "S" msgstr "" #, fuzzy msgid "Can sign" msgstr "_assinar" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "" -msgid "[E]" +msgid "E" msgstr "" #, fuzzy msgid "Can encrypt" msgstr "encriptado" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1023,6 +1031,9 @@ msgstr "Editar a chave" msgid "Change _passphrase" msgstr "Mudar _senha" +msgid "Expiry Date" +msgstr "Date de expira??o" + msgid "Change _expiration" msgstr "Mudar _expira??o" @@ -1165,6 +1176,10 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "E n?o pode ser usada para encripta??o." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "Certificado de revoga??o criado." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" @@ -2872,9 +2887,6 @@ msgstr "" #~ msgid "C_reate" #~ msgstr "C_riado" -#~ msgid "Create" -#~ msgstr "Criado" - #~ msgid "" #~ "The filename \"%s\" contains symbols that are not allowed in filenames" #~ msgstr "" @@ -3259,9 +3271,6 @@ msgstr "" #~ msgid "!FATAL ERROR: Invalid key selection info!\n" #~ msgstr "!ERRO FATAL: sele??o de chave inv?lida!\n" -#~ msgid "Revocation certificate created." -#~ msgstr "Certificado de revoga??o criado." - #~ msgid "No key selected for editing." #~ msgstr "Nenhuma chave selecionada para ser editada." diff --git a/po/ru.po b/po/ru.po index 4466c0e..836dbc2 100644 --- a/po/ru.po +++ b/po/ru.po @@ -292,7 +292,7 @@ msgid "Open the settings dialog" msgstr "?????????????? ???????? ????????????????" #, fuzzy -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "???????????????????? ???????????? ???????????? UI" msgid "Disable support for X.509" @@ -301,6 +301,9 @@ msgstr "" msgid "Read options from file" msgstr "???????????????? ?????????????????? ???? ??????????" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[????????...]" @@ -356,8 +359,8 @@ msgstr "???????????? ???????????????? ?????????????????? ??????????." msgid "Backup key to file" msgstr "?????????????????? ?????????? ?????????? ?? ????????" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "???????????????? ?????????????????? ?????????? ??????????: %s" msgid "The keys have been copied to the clipboard." @@ -565,40 +568,46 @@ msgstr "ID ????????????????" msgid "Status" msgstr "????????????" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "????????????????" msgid "Size" msgstr "????????????" -msgid "Expiry Date" -msgstr "???????? ????????????????" +#, fuzzy +msgid "Created" +msgstr "????????????:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "??????????" + +msgid "S" msgstr "" msgid "Can sign" msgstr "?????????? ????????????." -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "?????????? ????????????." -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "?????????? ????????." -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "?????????? ??????????????." -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1012,6 +1021,9 @@ msgstr "?????????????????????????? ????????" msgid "Change _passphrase" msgstr "???????????????? ????????????" +msgid "Expiry Date" +msgstr "???????? ????????????????" + msgid "Change _expiration" msgstr "???????????????? ???????? ????????????????" @@ -1155,6 +1167,10 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "ID ?????????? - ???????????????? ?????????? ?????? ?????????????????????????? ??????????????????????." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "???????? ???????????????? ???????????????????? ?????????????????????????????????? ???????????????? ??????????????????????." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "???????? ???????????????? ???????????????????? ?????????????????????????????????? ???????????????? ??????????????????????." diff --git a/po/sv.po b/po/sv.po index d2f3b56..0648cbe 100644 --- a/po/sv.po +++ b/po/sv.po @@ -275,7 +275,7 @@ msgid "Open the settings dialog" msgstr "??ppna inst??llningsdialogen" #, fuzzy -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "Aktivera anv??ndargr??nssnittsservern (inneb??r --cms)" msgid "Disable support for X.509" @@ -284,6 +284,9 @@ msgstr "" msgid "Read options from file" msgstr "L??s flaggor fr??n fil" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "[FIL...]" @@ -336,8 +339,8 @@ msgstr "Ett fel intr??ffade under s??kerhetskopieringen." msgid "Backup key to file" msgstr "S??kerhetskopiera nyckel till fil" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "Skapar s??kerhetskopia av nyckel: %s" msgid "The keys have been copied to the clipboard." @@ -544,40 +547,46 @@ msgstr "Undernyckelsidentitet" msgid "Status" msgstr "Status" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algoritm" msgid "Size" msgstr "Storlek" -msgid "Expiry Date" -msgstr "Utg??ngsdatum" +#, fuzzy +msgid "Created" +msgstr "Skapad den:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Utg??ngen" + +msgid "S" msgstr "" msgid "Can sign" msgstr "Kan signera" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Kan certifiera" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Kan kryptera" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Kan authentisera" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -979,6 +988,9 @@ msgstr "Redigera nyckel" msgid "Change _passphrase" msgstr "??ndra _l??senfras" +msgid "Expiry Date" +msgstr "Utg??ngsdatum" + msgid "Change _expiration" msgstr "??ndra _utg??ngsdatum" @@ -1122,6 +1134,10 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "Nyckelidentiteten ??r ett kort tal f??r att identifiera ett certifikat." +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "Utg??ngsdatum ??r det datum som certifikatet ??r giltigt fram till." + msgid "The Expiry Date is the date until the certificate is valid." msgstr "Utg??ngsdatum ??r det datum som certifikatet ??r giltigt fram till." diff --git a/po/tr.po b/po/tr.po index 58c20a1..2153ff7 100644 --- a/po/tr.po +++ b/po/tr.po @@ -297,7 +297,7 @@ msgstr "" msgid "Open the settings dialog" msgstr "Tercihler penceresini a?" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -307,6 +307,9 @@ msgstr "" msgid "Read options from file" msgstr "se?enekleri dosyadan oku" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -368,8 +371,8 @@ msgstr "" msgid "Backup key to file" msgstr "Anahtar? dosyaya yedekle" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "%s anahtar?n?n yedeklemesi yap?l?yor" msgid "The keys have been copied to the clipboard." @@ -574,40 +577,46 @@ msgstr "Altanahtar Kimli msgid "Status" msgstr "Durum" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algoritma" msgid "Size" msgstr "Boyut" -msgid "Expiry Date" -msgstr "Bitim Tarihi" +#, fuzzy +msgid "Created" +msgstr "Yarat?lma Tarihi:" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "Sona Ermi?" + +msgid "S" msgstr "" msgid "Can sign" msgstr "?mzalayabilir" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Onaylayabilir" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "?ifreleyebilir" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Do?rulayabilir" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1020,6 +1029,9 @@ msgstr "Anahtar msgid "Change _passphrase" msgstr "_?ifreyi De?i?tir" +msgid "Expiry Date" +msgstr "Bitim Tarihi" + msgid "Change _expiration" msgstr "_Bitim s?resini de?i?tir" @@ -1161,6 +1173,9 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "Anahtar sadece onaylama i?in kullan?labilir." +msgid "The Creation Date is the date the certificate was created." +msgstr "" + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" diff --git a/po/zh_TW.po b/po/zh_TW.po index ac2cfca..9193b85 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -296,7 +296,7 @@ msgstr "" msgid "Open the settings dialog" msgstr "?}???]?w????" -msgid "Enable the UI server" +msgid "Only start the UI server" msgstr "" msgid "Disable support for X.509" @@ -306,6 +306,9 @@ msgstr "" msgid "Read options from file" msgstr "????????????????" +msgid "Do not connect to a running instance" +msgstr "" + msgid "[FILE...]" msgstr "" @@ -367,8 +370,8 @@ msgstr "" msgid "Backup key to file" msgstr "?????K?_??????" -#, c-format -msgid "Generating backup of key: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" msgstr "???b???? %s ??????" msgid "The keys have been copied to the clipboard." @@ -572,40 +575,46 @@ msgstr " msgid "Status" msgstr "???A" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "?[?K????" msgid "Size" msgstr "?j?p" -msgid "Expiry Date" -msgstr "????????" +#, fuzzy +msgid "Created" +msgstr "?????b :" -msgid "[S]" +#, fuzzy +msgid "Expires" +msgstr "?w?g?L??" + +msgid "S" msgstr "" msgid "Can sign" msgstr "???\???p" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "???\????" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "???\?[?K" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "???\?o??" -msgid "[T]" +msgid "T" msgstr "" msgid "Secret key stored on a smartcard." @@ -1009,6 +1018,9 @@ msgstr " msgid "Change _passphrase" msgstr "?????K?X (&P)" +msgid "Expiry Date" +msgstr "????????" + msgid "Change _expiration" msgstr "???????????? (&E)" @@ -1148,6 +1160,9 @@ msgstr "" msgid "The key ID is a short number to identify a certificate." msgstr "?K?_?u?i???@????." +msgid "The Creation Date is the date the certificate was created." +msgstr "" + msgid "The Expiry Date is the date until the certificate is valid." msgstr "" diff --git a/src/helpmenu.c b/src/helpmenu.c index a673793..0b1b123 100644 --- a/src/helpmenu.c +++ b/src/helpmenu.c @@ -72,8 +72,8 @@ gpa_help_about (GtkAction *action, GtkWindow *window) static const gchar copyright[] = "Copyright \xc2\xa9 2000-2002 G-N-U GmbH\n" "Copyright \xc2\xa9 2002-2003 Miguel Coca\n" - "Copyright \xc2\xa9 2005-2013 g10 Code GmbH"; - static const gchar website[] = "http://www.gnupg.org/related_software/gpa/"; + "Copyright \xc2\xa9 2005-2014 g10 Code GmbH"; + static const gchar website[] = "https://www.gnupg.org/related_software/gpa/"; static const gchar website_label[] = "www.gnupg.org"; char *comment; GdkPixbuf *logo; ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- NEWS | 29 +++++++++++++++++++++++- README | 2 +- configure.ac | 4 ++-- po/ar.po | 38 ++++++++++++++++++++++---------- po/de.po | 67 ++++++++++++++++++++++++++++++++++++++++---------------- po/es.po | 39 +++++++++++++++++++++++---------- po/fr.po | 40 +++++++++++++++++++++++---------- po/ja.po | 40 +++++++++++++++++++++------------ po/nl.po | 40 +++++++++++++++++++++------------ po/pl.po | 37 +++++++++++++++++++++---------- po/pt_BR.po | 43 ++++++++++++++++++++++-------------- po/ru.po | 38 ++++++++++++++++++++++---------- po/sv.po | 38 ++++++++++++++++++++++---------- po/tr.po | 37 +++++++++++++++++++++---------- po/zh_TW.po | 37 +++++++++++++++++++++---------- src/helpmenu.c | 4 ++-- 17 files changed, 376 insertions(+), 159 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 1 11:40:22 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 01 Sep 2014 11:40:22 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-110-g708a3a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 708a3a72cc0608ed4a38ff78d8843c1b46ebf633 (commit) from db3c0286bf159568aa315d15f9708fe2de02b022 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 708a3a72cc0608ed4a38ff78d8843c1b46ebf633 Author: Werner Koch Date: Mon Sep 1 11:40:31 2014 +0200 Add DCO entries for Andrei Scherer and Stefan Mueller. -- diff --git a/AUTHORS b/AUTHORS index 2c92998..860dea2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -136,6 +136,9 @@ phcoder at gmail.com Authors with a DCO ================== +Andrei Scherer +2014-0822:BF7CEF794F9.000003F0andsch at inbox.com: + Christian Aistleitner 2013-02-26:20130226110144.GA12678 at quelltextlich.at: @@ -163,6 +166,9 @@ Rafa?l Carr? Sergey V. 2013-11-07:2066221.5IYa7Yq760 at darkstar: +Stephan Mueller +2014-08-22:2008899.25OeoelVVA at myon.chronox.de: + Tom?? Mr?z 2012-04-16:1334571250.5056.52.camel at vespa.frost.loc: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 08:56:51 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 02 Sep 2014 08:56:51 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-44-g8bbf24b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 8bbf24ba918bae0d593ce5431c234789cfad8a7b (commit) from 03cb3b876c775675b722e7be05d35d1ef260cb1e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8bbf24ba918bae0d593ce5431c234789cfad8a7b Author: Daniel Kahn Gillmor Date: Mon Sep 1 21:29:36 2014 -0400 Add a File/Close option to the card manager. * src/cardman.c (file_close): New. (cardman_action_new): Add menu item. -- All the other windows have a File|Close option, but the card manager only has File|Quit. As a result, a user who tries to close the card manager from the menubar will most likely shut down all of GPA, which may not be their intent. diff --git a/src/cardman.c b/src/cardman.c index c752442..844a44a 100644 --- a/src/cardman.c +++ b/src/cardman.c @@ -624,6 +624,15 @@ watcher_cb (void *opaque, const char *filename, const char *reason) } +/* Handle menu item "File/Close". */ +static void +file_close (GtkAction *action, gpointer param) +{ + GpaCardManager *cardman = param; + gtk_widget_destroy (GTK_WIDGET (cardman)); +} + + /* Construct the card manager menu and toolbar widgets and return them. */ static void @@ -638,6 +647,8 @@ cardman_action_new (GpaCardManager *cardman, GtkWidget **menubar, { "Card", NULL, N_("_Card"), NULL }, /* File menu. */ + { "FileClose", GTK_STOCK_CLOSE, NULL, NULL, + N_("Close the window"), G_CALLBACK (file_close) }, { "FileQuit", GTK_STOCK_QUIT, NULL, NULL, N_("Quit the program"), G_CALLBACK (gtk_main_quit) }, @@ -652,6 +663,7 @@ cardman_action_new (GpaCardManager *cardman, GtkWidget **menubar, "" " " " " + " " " " " " " " ----------------------------------------------------------------------- Summary of changes: src/cardman.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 09:26:20 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Sep 2014 09:26:20 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-111-g5eec04a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5eec04a43e6c562e956353449be931dd43dfe1cc (commit) from 708a3a72cc0608ed4a38ff78d8843c1b46ebf633 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5eec04a43e6c562e956353449be931dd43dfe1cc Author: Werner Koch Date: Tue Sep 2 09:25:20 2014 +0200 asm: Allow building x86 and amd64 using old compilers. * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled. -- Old as(1) versions do not support the xgetvb instruction. Thus build this function only if asm support has been requested. GnuPG-bug-id: 1708 diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 0591b4f..7ee246d 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -96,6 +96,7 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, *edx = regs[3]; } +#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT) static unsigned int get_xgetbv(void) { @@ -109,6 +110,7 @@ get_xgetbv(void) return t_eax; } +#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */ #endif /* i386 && GNUC */ @@ -145,6 +147,7 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, *edx = regs[3]; } +#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT) static unsigned int get_xgetbv(void) { @@ -158,6 +161,7 @@ get_xgetbv(void) return t_eax; } +#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */ #endif /* x86-64 && GNUC */ ----------------------------------------------------------------------- Summary of changes: src/hwf-x86.c | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 09:28:33 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Sep 2014 09:28:33 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.2-2-ge189934 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via e189934b7e240e405421fcabfe4b0b68ca7a8350 (commit) from 8c88814ec6eca32d2224c02f1d47557ae54ebae1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e189934b7e240e405421fcabfe4b0b68ca7a8350 Author: Werner Koch Date: Tue Sep 2 09:25:20 2014 +0200 asm: Allow building x86 and amd64 using old compilers. * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled. -- Old as(1) versions do not support the xgetvb instruction. Thus build this function only if asm support has been requested. GnuPG-bug-id: 1708 diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 0591b4f..7ee246d 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -96,6 +96,7 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, *edx = regs[3]; } +#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT) static unsigned int get_xgetbv(void) { @@ -109,6 +110,7 @@ get_xgetbv(void) return t_eax; } +#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */ #endif /* i386 && GNUC */ @@ -145,6 +147,7 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, *edx = regs[3]; } +#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT) static unsigned int get_xgetbv(void) { @@ -158,6 +161,7 @@ get_xgetbv(void) return t_eax; } +#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */ #endif /* x86-64 && GNUC */ ----------------------------------------------------------------------- Summary of changes: src/hwf-x86.c | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 11:24:09 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Sep 2014 11:24:09 +0200 Subject: [git] GnuPG - branch, wk/test-gpgrt-estream, updated. gnupg-2.1.0-beta783-20-gafe8558 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, wk/test-gpgrt-estream has been updated via afe85582ddc2ebc285728bf6417f8929fd0b3281 (commit) via 4054d86abcb7ad953ed9e988b1765cb9266faefd (commit) via c913e09ebdbb1a1e9838a0a5897448841f5e9bc3 (commit) via b6386367aca957c52586fbf52f11604451ba4fe7 (commit) from be98b5960ebd48929c399b0b91c95bfc0cb9749b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit afe85582ddc2ebc285728bf6417f8929fd0b3281 Author: Werner Koch Date: Tue Sep 2 11:22:07 2014 +0200 agent: Fix import of OpenPGP EdDSA keys. * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA. (convert_secret_key): Ditto. (convert_transfer_key): Ditto. (apply_protection): Handle opaque MPIs. (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before unpacking an opaque mpi. -- The key transfer protocol between gpg and gpg-agent uses gcrypt algorithm numbers which merge all ECC algorithms into one. Thus it is not possible to use the algorithm number to determine the EdDSA algorithm. We need to known that because Libgcrypt requires the "eddsa" flag with the curve "Ed25519" to actually use the Ed25519 signature specification. The last fix is for correctness; the first case won't be used anyway. diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 58327c6..6ea2666 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -81,9 +81,16 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey, break; case GCRY_PK_ECC: - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve %s)(q%m)))", - curve, pkey[0]); + if (!curve) + err = gpg_error (GPG_ERR_BAD_SECKEY); + else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + err = gcry_sexp_build (&s_pkey, NULL, + "(public-key(ecc(curve %s)(flags eddsa)(q%m)))", + "Ed25519", pkey[0]); + else + err = gcry_sexp_build (&s_pkey, NULL, + "(public-key(ecc(curve %s)(q%m)))", + curve, pkey[0]); break; default: @@ -139,6 +146,15 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, case GCRY_PK_ECC: if (!curve) err = gpg_error (GPG_ERR_BAD_SECKEY); + else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + { + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + err = gcry_sexp_build (&s_skey, NULL, + "(private-key(ecc(curve%s)(flags eddsa)" + "(q%m)(d%m)))", + "Ed25519", skey[0], skey[1]); + } else err = gcry_sexp_build (&s_skey, NULL, "(private-key(ecc(curve%s)(q%m)(d%m)))", @@ -198,11 +214,24 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, break; case GCRY_PK_ECC: - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(ecc(curve%s)(q%m)" - "(protected openpgp-native%S)))", - curve, skey[0], transfer_key); + if (!curve) + err = gpg_error (GPG_ERR_BAD_SECKEY); + else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + { + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + err = gcry_sexp_build + (&s_skey, NULL, + "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)" + "(protected openpgp-native%S)))", + "Ed25519", skey[0], transfer_key); + } + else + err = gcry_sexp_build + (&s_skey, NULL, + "(protected-private-key(ecc(curve%s)(q%m)" + "(protected openpgp-native%S)))", + curve, skey[0], transfer_key); break; default: @@ -373,7 +402,7 @@ do_unprotect (const char *passphrase, if (!skey[i] || gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1)) return gpg_error (GPG_ERR_BAD_SECKEY); - if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1)) + if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE)) { unsigned int nbits; const unsigned char *buffer; @@ -1064,15 +1093,36 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey, ndata = 20; /* Space for the SHA-1 checksum. */ for (i = npkey, j = 0; i < nskey; i++, j++ ) { - err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]); - if (err) + if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE)) { - err = gpg_error_from_syserror (); - for (i = 0; i < j; i++) - xfree (bufarr[i]); - return err; + const void *s; + unsigned int n; + + s = gcry_mpi_get_opaque (array[i], &n); + nbits[j] = n; + n = (n+7)/8; + narr[j] = n; + bufarr[j] = gcry_is_secure (s)? xtrymalloc_secure (n):xtrymalloc (n); + if (!bufarr[j]) + { + err = gpg_error_from_syserror (); + for (i = 0; i < j; i++) + xfree (bufarr[i]); + return err; + } + memcpy (bufarr[j], s, n); + } + else + { + err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]); + if (err) + { + for (i = 0; i < j; i++) + xfree (bufarr[i]); + return err; + } + nbits[j] = gcry_mpi_get_nbits (array[i]); } - nbits[j] = gcry_mpi_get_nbits (array[i]); ndata += 2 + narr[j]; } @@ -1218,8 +1268,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, assert (iob.len < sizeof iobbuf -1); iobbuf[iob.len] = 0; err = gcry_sexp_build (&curve, NULL, "(curve %s)", iobbuf); - - gcry_log_debugsxp ("at 1", curve); } } else if (!strcmp (name, "ecdsa")) commit 4054d86abcb7ad953ed9e988b1765cb9266faefd Author: Kyle Butt Date: Tue Aug 26 14:11:47 2014 -0700 gpg: Fix export of ecc secret keys by adjusting check ordering. * g10/export.c (transfer_format_to_openpgp): Move the check against PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of parameters. diff --git a/g10/export.c b/g10/export.c index 6a921c1..b4f1a2e 100644 --- a/g10/export.c +++ b/g10/export.c @@ -462,7 +462,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) xfree (string); string = NULL; if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey) - || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY) + || !npkey || npkey >= nskey) goto bad_seckey; /* Check that the pubkey algo matches the one from the public key. */ @@ -503,6 +503,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) goto leave; } + /* This check has to go after the ecc adjustments. */ + if (nskey > PUBKEY_MAX_NSKEY) + goto bad_seckey; + /* Parse the key parameters. */ gcry_sexp_release (list); list = gcry_sexp_find_token (top_list, "skey", 0); commit c913e09ebdbb1a1e9838a0a5897448841f5e9bc3 Author: Werner Koch Date: Mon Sep 1 10:15:21 2014 +0200 agent: Allow key unprotection using AES-256. * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for clarity. (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe them instead of the hardwired values. (agent_unprotect): Change to use a table of protection algorithms. Add AES-256 variant. -- This patch will make a possible future key protection algorithm changes smoother. AES-256 is also allowed although there is currently no way to encrypt using it. diff --git a/agent/protect.c b/agent/protect.c index 3a00218..f633d56 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -42,7 +42,9 @@ #include "cvt-openpgp.h" #include "sexp-parse.h" -#define PROT_CIPHER GCRY_CIPHER_AES +/* The protection mode for encryption. The supported modes for + decryption are listed in agent_unprotect(). */ +#define PROT_CIPHER GCRY_CIPHER_AES128 #define PROT_CIPHER_STRING "aes" #define PROT_CIPHER_KEYLEN (128/8) @@ -632,6 +634,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen, const char *passphrase, const unsigned char *s2ksalt, unsigned long s2kcount, const unsigned char *iv, size_t ivlen, + int prot_cipher, int prot_cipher_keylen, unsigned char **result) { int rc = 0; @@ -640,11 +643,11 @@ do_decryption (const unsigned char *protected, size_t protectedlen, unsigned char *outbuf; size_t reallen; - blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER); + blklen = gcry_cipher_get_algo_blklen (prot_cipher); if (protectedlen < 4 || (protectedlen%blklen)) return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); - rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC, + rc = gcry_cipher_open (&hd, prot_cipher, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); if (rc) return rc; @@ -657,17 +660,16 @@ do_decryption (const unsigned char *protected, size_t protectedlen, if (!rc) { unsigned char *key; - size_t keylen = PROT_CIPHER_KEYLEN; - key = gcry_malloc_secure (keylen); + key = gcry_malloc_secure (prot_cipher_keylen); if (!key) rc = out_of_core (); else { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, - 3, s2ksalt, s2kcount, key, keylen); + 3, s2ksalt, s2kcount, key, prot_cipher_keylen); if (!rc) - rc = gcry_cipher_setkey (hd, key, keylen); + rc = gcry_cipher_setkey (hd, key, prot_cipher_keylen); xfree (key); } } @@ -860,6 +862,15 @@ agent_unprotect (ctrl_t ctrl, gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen) { + static struct { + const char *name; /* Name of the protection method. */ + int algo; /* (A zero indicates the "openpgp-native" hack.) */ + int keylen; /* Used key length in bytes. */ + } algotable[] = { + { "openpgp-s2k3-sha1-aes-cbc", GCRY_CIPHER_AES128, (128/8)}, + { "openpgp-s2k3-sha1-aes256-cbc", GCRY_CIPHER_AES256, (256/8)}, + { "openpgp-native", 0, 0 } + }; int rc; const unsigned char *s; const unsigned char *protect_list; @@ -869,6 +880,7 @@ agent_unprotect (ctrl_t ctrl, const unsigned char *s2ksalt; unsigned long s2kcount; const unsigned char *iv; + int prot_cipher, prot_cipher_keylen; const unsigned char *prot_begin; unsigned char *cleartext; unsigned char *final; @@ -959,31 +971,40 @@ agent_unprotect (ctrl_t ctrl, n = snext (&s); if (!n) return gpg_error (GPG_ERR_INV_SEXP); - if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc")) + + /* Lookup the protection algo. */ + prot_cipher = 0; /* (avoid gcc warning) */ + prot_cipher_keylen = 0; /* (avoid gcc warning) */ + for (i= 0; i < DIM (algotable); i++) + if (smatch (&s, n, algotable[i].name)) + { + prot_cipher = algotable[i].algo; + prot_cipher_keylen = algotable[i].keylen; + break; + } + if (i == DIM (algotable)) + return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); + + if (!prot_cipher) /* This is "openpgp-native". */ { - if (smatch (&s, n, "openpgp-native")) - { - gcry_sexp_t s_prot_begin; + gcry_sexp_t s_prot_begin; - rc = gcry_sexp_sscan (&s_prot_begin, NULL, - prot_begin, - gcry_sexp_canon_len (prot_begin, 0,NULL,NULL)); - if (rc) - return rc; + rc = gcry_sexp_sscan (&s_prot_begin, NULL, + prot_begin, + gcry_sexp_canon_len (prot_begin, 0,NULL,NULL)); + if (rc) + return rc; - rc = convert_from_openpgp_native (ctrl, - s_prot_begin, passphrase, &final); - gcry_sexp_release (s_prot_begin); - if (!rc) - { - *result = final; - *resultlen = gcry_sexp_canon_len (final, 0, NULL, NULL); - } - return rc; + rc = convert_from_openpgp_native (ctrl, s_prot_begin, passphrase, &final); + gcry_sexp_release (s_prot_begin); + if (!rc) + { + *result = final; + *resultlen = gcry_sexp_canon_len (final, 0, NULL, NULL); } - else - return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); + return rc; } + if (*s != '(' || s[1] != '(') return gpg_error (GPG_ERR_INV_SEXP); s += 2; @@ -1026,7 +1047,7 @@ agent_unprotect (ctrl_t ctrl, s++; /* skip list end */ n = snext (&s); - if (n != 16) /* Wrong blocksize for IV (we support only aes-128). */ + if (n != 16) /* Wrong blocksize for IV (we support only 128 bit). */ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); iv = s; s += n; @@ -1040,7 +1061,7 @@ agent_unprotect (ctrl_t ctrl, cleartext = NULL; /* Avoid cc warning. */ rc = do_decryption (s, n, passphrase, s2ksalt, s2kcount, - iv, 16, + iv, 16, prot_cipher, prot_cipher_keylen, &cleartext); if (rc) return rc; commit b6386367aca957c52586fbf52f11604451ba4fe7 Author: Werner Koch Date: Mon Sep 1 10:10:30 2014 +0200 speedo: Fix for non-Windows build of glib. -- diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 69af39c..f81a835 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -376,8 +376,9 @@ speedo_pkg_glib_configure = \ CCC=$(host)-g++ \ LIBFFI_CFLAGS=-I$(idir)/lib/libffi-$(libffi_ver)/include \ LIBFFI_LIBS=\"-L$(idir)/lib -lffi\" +ifeq ($(TARGETOS),w32) speedo_pkg_glib_extracflags = -march=i486 - +endif speedo_pkg_libpng_configure = \ CPPFLAGS=\"-I$(idir)/include -DPNG_BUILD_DLL\" \ ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 84 ++++++++++++++++++++++++++++++++++++++++----------- agent/protect.c | 79 ++++++++++++++++++++++++++++++------------------ build-aux/speedo.mk | 3 +- g10/export.c | 6 +++- 4 files changed, 123 insertions(+), 49 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 12:10:09 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Sep 2014 12:10:09 +0200 Subject: [git] GnuPG - branch, wk/test-gpgrt-estream, updated. gnupg-2.1.0-beta783-21-gbf2fc12 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, wk/test-gpgrt-estream has been updated via bf2fc12b83b45953f7afa403b8d91c36d0b50ec9 (commit) from afe85582ddc2ebc285728bf6417f8929fd0b3281 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf2fc12b83b45953f7afa403b8d91c36d0b50ec9 Author: Werner Koch Date: Tue Sep 2 12:10:19 2014 +0200 gpg: Fix export of NIST ECC keys. * common/openpgp-oid.c (struct oidtable): New. (openpgp_curve_to_oid): Rewrite and allow OID as input. (openpgp_oid_to_curve): Make use of the new table. -- Due to the previous change we now usually store the OID with the private key and not the name. Thus during import we do not anymore need to map the name to an oid but can use the oid directly. We fix that by extending openpgp_curve_to_oid to allow an oidstr as input. diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index bcb9885..010c23f 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -37,6 +37,30 @@ #include "util.h" +/* A table with all our supported OpenPGP curves. */ +static struct { + const char *name; /* Standard name. */ + const char *oidstr; /* IETF formatted OID. */ + unsigned int nbits; /* Nominla bit length of the curve. */ + const char *alias; /* NULL or alternative name of the curve. */ +} oidtable[] = { + + { "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519" }, + + { "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" }, + { "NIST P-384", "1.3.132.0.34", 384, "nistp384" }, + { "NIST P-521", "1.3.132.0.35", 521, "nistp521" }, + + { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256 }, + { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384 }, + { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512 }, + + { "secp256k1", "1.3.132.0.10", 256 }, + + { NULL, NULL, 0} +}; + + /* The OID for Curve Ed25519 in OpenPGP format. */ static const char oid_ed25519[] = { 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 }; @@ -270,56 +294,33 @@ openpgp_oid_is_ed25519 (gcry_mpi_t a) const char * openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) { + int i; unsigned int nbits = 0; - const char *oidstr; + const char *oidstr = NULL; - if (!name) - oidstr = NULL; - else if (!strcmp (name, "Ed25519") || !strcmp (name, "ed25519")) - { - oidstr = "1.3.6.1.4.1.11591.15.1"; - nbits = 255; - } - else if (!strcmp (name, "nistp256") || !strcmp (name, "NIST P-256")) - { - /* Libgcrypt uses "NIST P-256" as standard name for this curve - and thus the key generation returns this value. Thus we - allow both strings. */ - oidstr = "1.2.840.10045.3.1.7"; - nbits = 256; - } - else if (!strcmp (name, "nistp384") || !strcmp (name, "NIST P-384")) - { - oidstr = "1.3.132.0.34"; - nbits = 384; - } - else if (!strcmp (name, "nistp521") || !strcmp (name, "NIST P-521")) - { - oidstr = "1.3.132.0.35"; - nbits = 521; - } - else if (!strcmp (name,"brainpoolP256r1")) + if (name) { - oidstr = "1.3.36.3.3.2.8.1.1.7"; - nbits = 256; - } - else if (!strcmp (name, "brainpoolP384r1")) - { - oidstr = "1.3.36.3.3.2.8.1.1.11"; - nbits = 384; - } - else if (!strcmp (name, "brainpoolP512r1")) - { - oidstr = "1.3.36.3.3.2.8.1.1.13"; - nbits = 512; - } - else if (!strcmp (name, "secp256k1")) - { - oidstr = "1.3.132.0.10"; - nbits = 256; + for (i=0; oidtable[i].name; i++) + if (!strcmp (oidtable[i].name, name) + || (oidtable[i].alias && !strcmp (oidtable[i].alias, name))) + { + oidstr = oidtable[i].oidstr; + nbits = oidtable[i].nbits; + break; + } + if (!oidtable[i].name) + { + /* If not found assume the input is already an OID and check + whether we support it. */ + for (i=0; oidtable[i].name; i++) + if (!strcmp (name, oidtable[i].oidstr)) + { + oidstr = oidtable[i].oidstr; + nbits = oidtable[i].nbits; + break; + } + } } - else - oidstr = NULL; if (r_nbits) *r_nbits = nbits; @@ -328,32 +329,19 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) /* Map an OpenPGP OID to the Libgcrypt curve NAME. Returns "?" for - unknown curve names. */ + unknown curve names. We prefer an alias name here which is more + suitable for printing. */ const char * -openpgp_oid_to_curve (const char *oid) +openpgp_oid_to_curve (const char *oidstr) { - const char *name; - - if (!oid) - name = ""; - else if (!strcmp (oid, "1.3.6.1.4.1.11591.15.1")) - name = "ed25519"; - else if (!strcmp (oid, "1.2.840.10045.3.1.7")) - name = "nistp256"; - else if (!strcmp (oid, "1.3.132.0.10")) - name = "secp256k1"; - else if (!strcmp (oid, "1.3.132.0.34")) - name = "nistp384"; - else if (!strcmp (oid, "1.3.132.0.35")) - name = "nistp521"; - else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.7")) - name = "brainpoolP256r1"; - else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.11")) - name = "brainpoolP384r1"; - else if (!strcmp (oid, "1.3.36.3.3.2.8.1.1.13")) - name = "brainpoolP512r1"; - else - name = "?"; - - return name; + int i; + + if (!oidstr) + return ""; + + for (i=0; oidtable[i].name; i++) + if (!strcmp (oidtable[i].oidstr, oidstr)) + return oidtable[i].alias? oidtable[i].alias : oidtable[i].name; + + return "?"; } ----------------------------------------------------------------------- Summary of changes: common/openpgp-oid.c | 132 +++++++++++++++++++++++--------------------------- 1 file changed, 60 insertions(+), 72 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 16:01:08 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Sep 2014 16:01:08 +0200 Subject: [git] GnuPG - branch, wk/test-gpgrt-estream, updated. gnupg-2.1.0-beta783-22-g1449a22 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, wk/test-gpgrt-estream has been updated via 1449a22d2e43ae0ae127260a925e3a2c92b5f7a5 (commit) from bf2fc12b83b45953f7afa403b8d91c36d0b50ec9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1449a22d2e43ae0ae127260a925e3a2c92b5f7a5 Author: Werner Koch Date: Tue Sep 2 16:01:25 2014 +0200 doc: Typo fix -- Debian-bug-id: 760273 diff --git a/doc/gpg.texi b/doc/gpg.texi index 7ac1613..e9bcff3 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3509,7 +3509,7 @@ sense. Although OpenPGP works with time intervals, GnuPG uses an absolute value internally and thus the last year we can represent is 2105. - at item Ceation-Date: @var{iso-date} + at item Creation-Date: @var{iso-date} Set the creation date of the key as stored in the key information and which is also part of the fingerprint calculation. Either a date like "1986-04-26" or a full timestamp like "19860426T042640" may be used. ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 2 19:42:18 2014 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 02 Sep 2014 19:42:18 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-112-g8a2a328 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8a2a328742012a7c528dd007437185e4584c1e48 (commit) from 5eec04a43e6c562e956353449be931dd43dfe1cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a2a328742012a7c528dd007437185e4584c1e48 Author: Jussi Kivilinna Date: Tue Sep 2 20:40:07 2014 +0300 Add new Poly1305 MAC test vectors * tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC. -- Patch adds new test vectors for Poly1305 MAC from Internet Draft draft-irtf-cfrg-chacha20-poly1305-01. Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index 6d70cfd..e406db4 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -6008,6 +6008,72 @@ check_mac (void) "\xf3\x47\x7e\x7c\xd9\x54\x17\xaf\x89\xa6\xb8\x79\x4c\x31\x0c\xf0", NULL, 0, 32 }, + /* draft-irtf-cfrg-chacha20-poly1305-01 */ + /* TV#5 */ + { GCRY_MAC_POLY1305, + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + NULL, + 16, 32 }, + /* TV#6 */ + { GCRY_MAC_POLY1305, + "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + "\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + NULL, + 16, 32 }, + /* TV#7 */ + { GCRY_MAC_POLY1305, + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" + "\xF0\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" + "\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + NULL, + 48, 32 }, + /* TV#8 */ + { GCRY_MAC_POLY1305, + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" + "\xFB\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE\xFE" + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", + "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + NULL, + 48, 32 }, + /* TV#9 */ + { GCRY_MAC_POLY1305, + "\xFD\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\xFA\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + NULL, + 16, 32 }, + /* TV#10 */ + { GCRY_MAC_POLY1305, + "\xE3\x35\x94\xD7\x50\x5E\x43\xB9\x00\x00\x00\x00\x00\x00\x00\x00" + "\x33\x94\xD7\x50\x5E\x43\x79\xCD\x01\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x01\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x14\x00\x00\x00\x00\x00\x00\x00\x55\x00\x00\x00\x00\x00\x00\x00", + NULL, + 64, 32 }, + /* TV#11 */ + { GCRY_MAC_POLY1305, + "\xE3\x35\x94\xD7\x50\x5E\x43\xB9\x00\x00\x00\x00\x00\x00\x00\x00" + "\x33\x94\xD7\x50\x5E\x43\x79\xCD\x01\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x01\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + "\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + NULL, + 48, 32 }, /* from http://cr.yp.to/mac/poly1305-20050329.pdf */ { GCRY_MAC_POLY1305, "\xf3\xf6", ----------------------------------------------------------------------- Summary of changes: tests/basic.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 3 08:54:32 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 03 Sep 2014 08:54:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-113-g8b960a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8b960a807d168000d2690897a7634bd384ac1346 (commit) from 8a2a328742012a7c528dd007437185e4584c1e48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b960a807d168000d2690897a7634bd384ac1346 Author: Werner Koch Date: Wed Sep 3 08:53:43 2014 +0200 Add a constant for a forthcoming new RNG. * src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant. diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 9d64b22..65d9ef6 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -330,7 +330,8 @@ enum gcry_ctl_cmds GCRYCTL_CLOSE_RANDOM_DEVICE = 70, GCRYCTL_INACTIVATE_FIPS_FLAG = 71, GCRYCTL_REACTIVATE_FIPS_FLAG = 72, - GCRYCTL_SET_SBOX = 73 + GCRYCTL_SET_SBOX = 73, + GCRYCTL_DRBG_REINIT = 74 }; /* Perform various operations defined by CMD. */ ----------------------------------------------------------------------- Summary of changes: src/gcrypt.h.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 3 09:47:39 2014 From: cvs at cvs.gnupg.org (by Kristian Fiskerstrand) Date: Wed, 03 Sep 2014 09:47:39 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-4-g07006c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 07006c9916ea194ce6047d252421c08489068c4c (commit) from d91db67e5180fcbda2f3fb7667ffd1b99cac51c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07006c9916ea194ce6047d252421c08489068c4c Author: Kristian Fiskerstrand Date: Wed Aug 13 11:13:34 2014 +0200 gpg: Need to init the trustdb for import. * g10/trustdb.c (clear_ownertrusts): Init trustdb. -- This was fixed in 1.4 branch in commit 23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the 2.0 branch that exhibits the same problem. This is actually a hack to fix a bug introduced with commit 2528178. GnuPG-bug-id: 1622 diff --git a/g10/trustdb.c b/g10/trustdb.c index f96701a..7bfef25 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -923,6 +923,8 @@ clear_ownertrusts (PKT_public_key *pk) TRUSTREC rec; int rc; + init_trustdb(); + if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) return 0; ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 8 18:24:55 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 08 Sep 2014 18:24:55 +0200 Subject: [git] GnuPG - branch, wk/test-gpgrt-estream, updated. gnupg-2.1.0-beta783-24-g98f6529 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, wk/test-gpgrt-estream has been updated via 98f65291d7abecc1e4d618125f33b6ce759e0892 (commit) via a94674c54e774803a2efba36b962f3b95f8ebb14 (commit) from 1449a22d2e43ae0ae127260a925e3a2c92b5f7a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 98f65291d7abecc1e4d618125f33b6ce759e0892 Author: Werner Koch Date: Mon Sep 8 18:25:06 2014 +0200 gpg: Fix memory leak in ECC encryption. * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error handling. diff --git a/g10/pkglue.c b/g10/pkglue.c index 67d2efd..684ce8a 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -190,7 +190,9 @@ int pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, PKT_public_key *pk, gcry_mpi_t *pkey) { - gcry_sexp_t s_ciph, s_data, s_pkey; + gcry_sexp_t s_ciph = NULL; + gcry_sexp_t s_data = NULL; + gcry_sexp_t s_pkey = NULL; int rc; /* Make a sexp from pkey. */ @@ -200,9 +202,8 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, "(public-key(elg(p%m)(g%m)(y%m)))", pkey[0], pkey[1], pkey[2]); /* Put DATA into a simplified S-expression. */ - if (rc || gcry_sexp_build (&s_data, NULL, "%m", data)) - BUG (); - + if (!rc) + rc = gcry_sexp_build (&s_data, NULL, "%m", data); } else if (algo == PUBKEY_ALGO_RSA || algo == PUBKEY_ALGO_RSA_E) { @@ -210,40 +211,42 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, "(public-key(rsa(n%m)(e%m)))", pkey[0], pkey[1]); /* Put DATA into a simplified S-expression. */ - if (rc || gcry_sexp_build (&s_data, NULL, "%m", data)) - BUG (); + if (!rc) + rc = gcry_sexp_build (&s_data, NULL, "%m", data); } else if (algo == PUBKEY_ALGO_ECDH) { gcry_mpi_t k; - char *curve; rc = pk_ecdh_generate_ephemeral_key (pkey, &k); - if (rc) - return rc; - - curve = openpgp_oid_to_str (pkey[0]); - if (!curve) - rc = gpg_error_from_syserror (); - else + if (!rc) { - /* Now use the ephemeral secret to compute the shared point. */ - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecdh(curve%s)(q%m)))", - curve, pkey[1]); - xfree (curve); - /* FIXME: Take care of RC. */ - /* Put K into a simplified S-expression. */ - if (rc || gcry_sexp_build (&s_data, NULL, "%m", k)) - BUG (); + char *curve; + + curve = openpgp_oid_to_str (pkey[0]); + if (!curve) + rc = gpg_error_from_syserror (); + else + { + /* Now use the ephemeral secret to compute the shared point. */ + rc = gcry_sexp_build (&s_pkey, NULL, + "(public-key(ecdh(curve%s)(q%m)))", + curve, pkey[1]); + xfree (curve); + /* Put K into a simplified S-expression. */ + if (!rc) + rc = gcry_sexp_build (&s_data, NULL, "%m", k); + } + gcry_mpi_release (k); } } else - return gpg_error (GPG_ERR_PUBKEY_ALGO); - + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Pass it to libgcrypt. */ - rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey); + if (!rc) + rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey); + gcry_sexp_release (s_data); gcry_sexp_release (s_pkey); commit a94674c54e774803a2efba36b962f3b95f8ebb14 Author: Werner Koch Date: Wed Sep 3 09:45:20 2014 +0200 doc: Remove some stuff for the very incomplete instguide. -- diff --git a/doc/instguide.texi b/doc/instguide.texi index d6815e2..aff3955 100644 --- a/doc/instguide.texi +++ b/doc/instguide.texi @@ -13,7 +13,7 @@ include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing listsfor advise on how to solve problems or how to -get that whole thing up and running. +get that whole thing up and running. ** Building the software @@ -22,7 +22,7 @@ that you are already reading this documentation we can only give some extra hints To comply with the rules on GNU systems you should have build time -configured @command{dirmngr} using: +configured @command{gnupg} using: @example ./configure --sysconfdir=/etc --localstatedir=/var @@ -36,19 +36,7 @@ the binaries get installed. If you selected to use the the default then. - -** Explain how to setup a root CA key as trusted - - -Such questions may also help to write a proper installation guide. - -[to be written] - - -XXX Tell how to setup the system, install certificates, how dirmngr relates -to GnuPG etc. - -** Explain how to setup a root CA key as trusted +** Notes on setting a root CA key to trusted X.509 is based on a hierarchical key infrastructure. At the root of the tree a trusted anchor (root certificate) is required. There are usually @@ -64,28 +52,26 @@ contains a few root certificates. Most installations will need more. @item Let @command{gpgsm} ask you whether you want to insert a new root -certificate. To enable this feature you need to set the option - at option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it -is not a good idea to do it this way. Checking whether a root -certificate is really trustworthy requires decisions, which casual -users are not up to. Thus, by default this option is not enabled. +certificate. This feature is enabled by default; you may disable it +using the option @option{no-allow-mark-trusted} into + at file{gpg-agent.conf}. - at item + at item Manually maintain the list of trusted root certificates. For a multi user installation this can be done once for all users on a machine. -Specific changes on a per-user base are also possible. +Specific changes on a per-user base are also possible. @end itemize -XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt. - - -** How to get the ssh support running + at c decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt. -XXX How to use the ssh support. + at c ** How to get the ssh support running + at c + at c XXX How to use the ssh support. - at section Installation Overview -XXXX + at c @section Installation Overview + at c + at c XXXX ----------------------------------------------------------------------- Summary of changes: doc/instguide.texi | 44 ++++++++++++++--------------------------- g10/pkglue.c | 55 +++++++++++++++++++++++++++------------------------- 2 files changed, 44 insertions(+), 55 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 8 19:19:33 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 08 Sep 2014 19:19:33 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.13-28-g92d62c1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 92d62c15706a0e47991f558987f531fbd36c9fad (commit) via 25f312dbb82722d23ad9faed8341923af6d3663c (commit) via 983ff989e21bb2777a877f1c872f946a67b3c135 (commit) via 2ff05feae6c5090081612a7d9a787298f37d46a2 (commit) from 7fdca61bcf60e730177889fbbd2f935ba33ae0c3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 92d62c15706a0e47991f558987f531fbd36c9fad Author: Werner Koch Date: Mon Sep 8 19:19:40 2014 +0200 Post release updates -- diff --git a/NEWS b/NEWS index ecab2e6..e5e94ee 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.15 (unreleased) [C__/A__/R_] +----------------------------------------------- + + Noteworthy changes in version 1.14 (2014-09-08) [C12/A12/R0] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index ca42e45..61dc357 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.11" # another commit, and a push so that the git magic is able to work. # See below for the LT versions. m4_define([mym4_version_major], [1]) -m4_define([mym4_version_minor], [14]) +m4_define([mym4_version_minor], [15]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 25f312dbb82722d23ad9faed8341923af6d3663c Author: Werner Koch Date: Mon Sep 8 18:30:38 2014 +0200 Release 1.14. * configure.ac: Set LT version to C12/A12/R0. diff --git a/NEWS b/NEWS index 6099d5b..ecab2e6 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,7 @@ -Noteworthy changes in version 1.14 (unreleased) +Noteworthy changes in version 1.14 (2014-09-08) [C12/A12/R0] ----------------------------------------------- - * Added trylock function + * Added gpgrt_lock_trylock. * Added the estream library under the name gpgrt and a set of macros to use them with their "es_" names. diff --git a/configure.ac b/configure.ac index b155437..ca42e45 100644 --- a/configure.ac +++ b/configure.ac @@ -51,8 +51,8 @@ AC_INIT([libgpg-error],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=11 -LIBGPG_ERROR_LT_AGE=11 +LIBGPG_ERROR_LT_CURRENT=12 +LIBGPG_ERROR_LT_AGE=12 LIBGPG_ERROR_LT_REVISION=0 ################################################ commit 983ff989e21bb2777a877f1c872f946a67b3c135 Author: Werner Koch Date: Mon Sep 8 19:11:10 2014 +0200 po: Auto-update -- diff --git a/po/cs.po b/po/cs.po index 38aa99e..bbee620 100644 --- a/po/cs.po +++ b/po/cs.po @@ -751,6 +751,11 @@ msgstr "Lich?? ??estn??ctkov?? ????sla v S-v??razu" msgid "Bad octal character in S-expression" msgstr "Chybn?? osmi??kov?? znak v??S-v??razu" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Kl????i vypr??ela platnost" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/da.po b/po/da.po index 24f8a2f..974326b 100644 --- a/po/da.po +++ b/po/da.po @@ -728,6 +728,11 @@ msgstr "Ulige hexadecimalt tal i S-udtryk" msgid "Bad octal character in S-expression" msgstr "??delagt oktalt tegn i S-udtryk" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "N??gle udl??bet" + msgid "Not possible with a card based key" msgstr "Ikke muligt med en kortbaseret n??gle" diff --git a/po/eo.po b/po/eo.po index 17e3d8d..3d243d1 100644 --- a/po/eo.po +++ b/po/eo.po @@ -761,6 +761,11 @@ msgstr "Malparaj deksesumaj numeroj en S-esprimo" msgid "Bad octal character in S-expression" msgstr "Mal??usta okuma signo en S-esprimo" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "??losilo malvalidi??is" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/fr.po b/po/fr.po index d67dd4e..9feac2d 100644 --- a/po/fr.po +++ b/po/fr.po @@ -744,6 +744,11 @@ msgstr "Nombre hexad??cimal impair dans l'expression symbolique" msgid "Bad octal character in S-expression" msgstr "Mauvais caract??re octal dans l'expression symbolique" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Clef expir??e" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/it.po b/po/it.po index 2567bd0..9516a41 100644 --- a/po/it.po +++ b/po/it.po @@ -761,6 +761,11 @@ msgstr "Numeri esadecimali dispari in S-expression" msgid "Bad octal character in S-expression" msgstr "Carattere ottale errato in S-expression" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Chiave scaduta" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/ja.po b/po/ja.po index 74b8f22..d33c007 100644 --- a/po/ja.po +++ b/po/ja.po @@ -725,6 +725,11 @@ msgstr "S??????????????????16?????????????????????????????????" msgid "Bad octal character in S-expression" msgstr "S??????????????????8?????????????????????????????????" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "????????????????????????" + msgid "Not possible with a card based key" msgstr "????????????????????????????????????" diff --git a/po/nl.po b/po/nl.po index 977ccb3..785d34e 100644 --- a/po/nl.po +++ b/po/nl.po @@ -743,6 +743,11 @@ msgstr "Vreemde hexadecimale getallen in S-expressie" msgid "Bad octal character in S-expression" msgstr "Fout octaal teken in S-expressie" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Sleutel is verlopen" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/pl.po b/po/pl.po index 0673779..ff0d4f0 100644 --- a/po/pl.po +++ b/po/pl.po @@ -725,6 +725,11 @@ msgstr "Nieparzysta liczba cyfr szesnastkowych w S-wyra??eniu" msgid "Bad octal character in S-expression" msgstr "B????dny znak ??semkowy w S-wyra??eniu" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Klucz wygas??" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/ro.po b/po/ro.po index 8d21615..1f421cc 100644 --- a/po/ro.po +++ b/po/ro.po @@ -762,6 +762,11 @@ msgstr "Numere hexazecimale ciudate msgid "Bad octal character in S-expression" msgstr "Caracter octal incorect ?n expresia-S" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Cheie expirat?" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/sv.po b/po/sv.po index 7fcad88..f8e1194 100644 --- a/po/sv.po +++ b/po/sv.po @@ -749,6 +749,11 @@ msgstr "Udda hexadecimala tal i S-uttryck" msgid "Bad octal character in S-expression" msgstr "Felaktigt oktadecimalt tecken i S-uttryck" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Nyckeln har g??tt ut" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/uk.po b/po/uk.po index be9d7aa..4464693 100644 --- a/po/uk.po +++ b/po/uk.po @@ -763,6 +763,11 @@ msgstr "?????????? ???????????????????????????? ?????????? ?? S-????????????" msgid "Bad octal character in S-expression" msgstr "???????????????????? ???????????????????? ???????????? ?? S-????????????" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "?????????? ?????? ?????????? ??????????????????" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/vi.po b/po/vi.po index 6606dc2..123cfb0 100644 --- a/po/vi.po +++ b/po/vi.po @@ -751,6 +751,11 @@ msgstr "C?? s??? th???p l???c l??? trong bi???u th???c S" msgid "Bad octal character in S-expression" msgstr "K?? t??? b??t ph??n sai trong bi???u th???c S" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "Kho?? h???t h???n" + msgid "Not possible with a card based key" msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index ca22d85..597684f 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -748,6 +748,11 @@ msgstr "" msgid "Bad octal character in S-expression" msgstr "" +#, fuzzy +#| msgid "Key expired" +msgid "Key disabled" +msgstr "???????????????" + msgid "Not possible with a card based key" msgstr "" commit 2ff05feae6c5090081612a7d9a787298f37d46a2 Author: Werner Koch Date: Mon Sep 8 19:10:45 2014 +0200 po: Update de.po. diff --git a/po/de.po b/po/de.po index 6e18de4..6f7043d 100644 --- a/po/de.po +++ b/po/de.po @@ -5,9 +5,9 @@ # msgid "" msgstr "" -"Project-Id-Version: libgpg-error-1.9\n" +"Project-Id-Version: libgpg-error-1.14\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-04-15 12:55+0200\n" +"PO-Revision-Date: 2014-09-08 18:37+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: none\n" "Language: \n" @@ -726,6 +726,9 @@ msgstr "Ungerade Anzahl von Hex-Zeichen in S-expression" msgid "Bad octal character in S-expression" msgstr "Falsches Oktal-Zeichen in S-expression" +msgid "Key disabled" +msgstr "Schl??ssel abgeschaltet" + msgid "Not possible with a card based key" msgstr "Nicht m??glich mit einem kartenbasierten Schl??ssel" ----------------------------------------------------------------------- Summary of changes: NEWS | 8 ++++++-- configure.ac | 6 +++--- po/cs.po | 5 +++++ po/da.po | 5 +++++ po/de.po | 7 +++++-- po/eo.po | 5 +++++ po/fr.po | 5 +++++ po/it.po | 5 +++++ po/ja.po | 5 +++++ po/nl.po | 5 +++++ po/pl.po | 5 +++++ po/ro.po | 5 +++++ po/sv.po | 5 +++++ po/uk.po | 5 +++++ po/vi.po | 5 +++++ po/zh_CN.po | 5 +++++ 16 files changed, 79 insertions(+), 7 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 8 19:24:51 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 08 Sep 2014 19:24:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-14-g40ad42d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 40ad42dbe3c67d8103aedb6b584f4bedc5f93307 (commit) from a731c22952278c12c601b73d7581fda3a15a4b5b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40ad42dbe3c67d8103aedb6b584f4bedc5f93307 Author: Werner Koch Date: Thu Aug 28 16:01:22 2014 +0200 gpg: Do not show "MD5" and triplicated "RSA" in --version. * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases (build_list_md_test_algo): Ignore MD5. diff --git a/g10/gpg.c b/g10/gpg.c index ce1a87f..8d69da0 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -842,6 +842,12 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*)) static int build_list_pk_test_algo (int algo) { + /* Show only one "RSA" string. If RSA_E or RSA_S is available RSA + is also available. */ + if (algo == PUBKEY_ALGO_RSA_E + || algo == PUBKEY_ALGO_RSA_S) + return GPG_ERR_DIGEST_ALGO; + return openpgp_pk_test_algo (algo); } @@ -866,6 +872,11 @@ build_list_cipher_algo_name (int algo) static int build_list_md_test_algo (int algo) { + /* By default we do not accept MD5 based signatures. To avoid + confusion we do not announce support for it either. */ + if (algo == DIGEST_ALGO_MD5) + return GPG_ERR_DIGEST_ALGO; + return openpgp_md_test_algo (algo); } ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 11 +++++++++++ 1 file changed, 11 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 8 19:32:52 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 08 Sep 2014 19:32:52 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-26-g64329cc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 64329cce9a0f21cf941ff2c3f542a08c57cb5378 (commit) via 98f65291d7abecc1e4d618125f33b6ce759e0892 (commit) via a94674c54e774803a2efba36b962f3b95f8ebb14 (commit) via 1449a22d2e43ae0ae127260a925e3a2c92b5f7a5 (commit) via bf2fc12b83b45953f7afa403b8d91c36d0b50ec9 (commit) via afe85582ddc2ebc285728bf6417f8929fd0b3281 (commit) via 4054d86abcb7ad953ed9e988b1765cb9266faefd (commit) via c913e09ebdbb1a1e9838a0a5897448841f5e9bc3 (commit) via b6386367aca957c52586fbf52f11604451ba4fe7 (commit) via be98b5960ebd48929c399b0b91c95bfc0cb9749b (commit) via 15cfd9a3bcdd561091a28c8f989c616b87348463 (commit) via 519305feb888b529c005b40445d041a088a2f8fc (commit) from 40ad42dbe3c67d8103aedb6b584f4bedc5f93307 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64329cce9a0f21cf941ff2c3f542a08c57cb5378 Merge: 40ad42d 98f6529 Author: Werner Koch Date: Mon Sep 8 19:26:02 2014 +0200 Merge branch 'wk/test-gpgrt-estream' ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 84 +- agent/protect.c | 79 +- build-aux/speedo.mk | 3 +- common/Makefile.am | 1 - common/asshelp2.c | 2 +- common/audit.c | 2 +- common/audit.h | 2 - common/estream-printf.c | 1855 ------------------- common/estream-printf.h | 149 -- common/estream.c | 4561 ----------------------------------------------- common/estream.h | 434 ----- common/exechelp.h | 2 - common/http.c | 4 +- common/http.h | 1 - common/init.c | 8 +- common/iobuf.h | 1 - common/logging.h | 1 - common/membuf.c | 2 +- common/miscellaneous.c | 45 +- common/openpgp-oid.c | 132 +- common/t-http.c | 2 +- common/ttyio.c | 2 +- common/util.h | 14 +- common/xasprintf.c | 15 +- configure.ac | 23 +- dirmngr/crlcache.c | 9 +- dirmngr/crlfetch.c | 1 - dirmngr/dirmngr_ldap.c | 1 + dirmngr/ks-action.c | 2 +- dirmngr/ks-engine.h | 3 +- dirmngr/ocsp.c | 1 - doc/gpg.texi | 2 +- doc/instguide.texi | 44 +- g10/export.c | 6 +- g10/keygen.c | 15 +- g10/pkglue.c | 55 +- g13/create.c | 1 - g13/g13.h | 1 - g13/mount.c | 1 - kbx/kbxutil.c | 1 + m4/Makefile.am | 2 - m4/estream.m4 | 49 - scd/app-openpgp.c | 5 +- scd/atr.c | 2 +- scd/command.c | 10 +- scd/scdaemon.c | 4 +- sm/certdump.c | 8 +- 47 files changed, 325 insertions(+), 7322 deletions(-) delete mode 100644 common/estream-printf.c delete mode 100644 common/estream-printf.h delete mode 100644 common/estream.c delete mode 100644 common/estream.h delete mode 100644 m4/estream.m4 hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 9 21:28:52 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 09 Sep 2014 21:28:52 +0200 Subject: [git] gnupg-doc - branch, master, updated. 0a24a4f9b47b03292777a82c8e6c64c022c5fe68 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 0a24a4f9b47b03292777a82c8e6c64c022c5fe68 (commit) via 7b7b4aaa1946cfb6e7ee4c09a8c29ee1466d37a8 (commit) via a168775ff6b4e795cb644894c822310e5fbfaf67 (commit) from d312f13e757c690b7b90d2ad3abf958c05d3afe8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0a24a4f9b47b03292777a82c8e6c64c022c5fe68 Author: Werner Koch Date: Tue Sep 9 21:29:20 2014 +0200 swdb: Release of libgpg-error diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi index 61ecce2..3293b3c 100755 --- a/cgi/procdonate.cgi +++ b/cgi/procdonate.cgi @@ -34,6 +34,7 @@ my $sessid = $q->param("sessid"); # Variables used in the template pages. my $amount = ""; my $stripeamount = ""; +my $euroamount = ""; my $currency = ""; my $name = ""; my $mail = ""; @@ -89,6 +90,8 @@ sub write_template ($) { $mail =~ s//g; @@ -134,6 +137,7 @@ sub write_template ($) { # for the textarea tag. s//$sessid/ || s/(\x22\x2f>)?/$amount\1/ + || s/(\x22\x2f>)?/$euroamount\1/ || s/(\x22\x2f>)?/$stripeamount\1/ || s/(\x22\x2f>)?/$currency\1/ || s/(\x22\x2f>)?/$name\1/ @@ -327,6 +331,7 @@ sub check_donation () $stripeamount = $data{"_amount"}; $amount = $data{"Amount"}; $currency = $data{"Currency"}; + $euroamount = $data{"Euro"} # Check the mail address if ($mail ne '' and $mail !~ /\S+@\S+\.\S+/ ) { @@ -343,6 +348,7 @@ sub check_donation () # Now create a session. $data{"Stripeamount"} = $stripeamount; + $data{"Euroamount"} = $euroamount; $data{"Name"} = $name; $data{"Mail"} = $mail; $data{"Message"} = $message; @@ -362,6 +368,7 @@ sub resend_main_page () $amount = $data{"Amount"}; $currency = $data{"Currency"}; $stripeamount = $data{"Stripeamount"}; + $euroamount = $data{"Euroamount"}; $name = $data{"Name"}; $mail = $data{"Mail"}; $message = $data{"Message"}; @@ -379,6 +386,7 @@ sub resend_card_checkout () $amount = $data{"Amount"}; $currency = $data{"Currency"}; $stripeamount = $data{"Stripeamount"}; + $euroamount = $data{"Euroamount"}; $name = $data{"Name"}; $mail = $data{"Mail"}; $message = $data{"Message"}; @@ -397,6 +405,7 @@ sub prepare_card_checkout () $amount = $data{"Amount"}; $currency = $data{"Currency"}; $stripeamount = $data{"Stripeamount"}; + $euroamount = $data{"Euroamount"}; $mail = $data{"Mail"}; write_checkout_cc_page(); diff --git a/web/swdb.mac b/web/swdb.mac index a3bfa8b..15ceeec 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -91,9 +91,9 @@ # # LIBGPG-ERROR # -#+macro: libgpg_error_ver 1.13 -#+macro: libgpg_error_size 478k -#+macro: libgpg_error_sha1 50fbff11446a7b0decbf65a6e6b0eda17b5139fb +#+macro: libgpg_error_ver 1.14 +#+macro: libgpg_error_size 540k +#+macro: libgpg_error_sha1 dd46179e08f6708bb70719422b942f200989d195 # commit 7b7b4aaa1946cfb6e7ee4c09a8c29ee1466d37a8 Author: Werner Koch Date: Mon Sep 1 11:24:04 2014 +0200 web: Insert the last commit date into each file. * web/share/gpgweb.el (gpgweb-insert-header): Insert DC.Date. (gpgweb-postprocess-html): Get a date from git. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 19d5a55..520466f 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -40,16 +40,11 @@ '(:components ("gpgweb-org" "gpgweb-other"))))) -(defun gpgweb-insert-header (title generated-at) +(defun gpgweb-insert-header (title committed-at) "Insert the header. -Note that using GENERATED-AT is highly problematic because rsync -would the always update the file. IF would be better to use the -file date of the source file but that has the problem that git -does not track it. We need to find a solution for this unless we -can do without DC.Date. A possible way to fix this is to use a -source file property which could be updated using Emacs features. -Or set a new date only if the file really changed. " +COMMITED-AT is the commit date string of the source file or nil +if not available." (goto-char (point-min)) (insert " " title " - - - +\n") + (when (and committed-at (>= (length committed-at) 10)) + (insert "\n")) + (insert " + @@ -69,9 +67,6 @@ Or set a new date only if the file really changed. " \n")) -;;; - (defconst gpgweb-gnupg-menu-alist '(("/index.html" @@ -200,15 +195,16 @@ Or set a new date only if the file really changed. " ;;; - Fixup sitemap. (defun gpgweb-postprocess-html (plist orgfile htmlfile) (let* ((visitingp (find-buffer-visiting htmlfile)) - (work-buffer (or visitingp (find-file-noselect htmlfile)))) + (work-buffer (or visitingp (find-file-noselect htmlfile))) + (committed-at (shell-command-to-string + (concat "git log -1 --format='%ci' -- " orgfile)))) (prog1 (with-current-buffer work-buffer (let ((fname (file-name-nondirectory htmlfile)) (fname-2 (replace-regexp-in-string ".*/stage\\(/.*\\)$" "\\1" htmlfile t)) - (title (org-publish-find-title orgfile)) - (generated-at (current-time))) + (title (org-publish-find-title orgfile))) ;; Insert header, menu, and footer. - (gpgweb-insert-header title generated-at) + (gpgweb-insert-header title committed-at) (gpgweb-insert-menu fname-2) (gpgweb-insert-footer) @@ -232,6 +228,7 @@ Or set a new date only if the file really changed. " (basic-save-buffer)) (unless visitingp (kill-buffer work-buffer)))))) + ;;; ;;; The publishing function used by the HTML exporter ;;; commit a168775ff6b4e795cb644894c822310e5fbfaf67 Author: Werner Koch Date: Mon Sep 1 11:19:39 2014 +0200 web: Release of GPA 0.9.5. diff --git a/web/index.org b/web/index.org index be9b0d6..c89694c 100644 --- a/web/index.org +++ b/web/index.org @@ -63,6 +63,12 @@ all [[file:news.org][news of previous years]] is also available. # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GPA 0.95 released + +GPA is the GNU Privacy Assistant, a frontend to GnuPG. This new +release has support for ECC keys and improves on the UI server +feature. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000356.html][{more}]] + ** GnuPG 2.0.26 released (2014-08-12) GnuPG 2.0.26 is now available. This is a maintenance release. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]] diff --git a/web/swdb.mac b/web/swdb.mac index 6580b39..a3bfa8b 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -43,8 +43,8 @@ # # GPA # -#+macro: gpa_ver 0.9.4 -#+macro: gpa_size 714k +#+macro: gpa_ver 0.9.5 +#+macro: gpa_size 716k # ----------------------------------------------------------------------- Summary of changes: cgi/procdonate.cgi | 9 +++++++++ web/index.org | 6 ++++++ web/share/gpgweb.el | 33 +++++++++++++++------------------ web/swdb.mac | 10 +++++----- 4 files changed, 35 insertions(+), 23 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 10 09:29:37 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 10 Sep 2014 09:29:37 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-27-g3b20cc2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b (commit) from 64329cce9a0f21cf941ff2c3f542a08c57cb5378 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b Author: Werner Koch Date: Wed Sep 10 09:15:57 2014 +0200 dirmngr: Fix the ks_fetch command for the http scheme. * common/http.c (http_session_ref): Allow for NULL arg. -- We always test for a an existing session and thus passing NULL as session object should be allowed. Reported-by: Jens Lechtenboerger diff --git a/common/http.c b/common/http.c index fe83e3f..7e3bb57 100644 --- a/common/http.c +++ b/common/http.c @@ -636,12 +636,17 @@ http_session_new (http_session_t *r_session, const char *tls_priority) } -/* Increment the reference count for session SESS. */ +/* Increment the reference count for session SESS. Passing NULL for + SESS is allowed. */ http_session_t http_session_ref (http_session_t sess) { - sess->refcount++; - /* log_debug ("http.c:session_ref: sess %p ref now %d\n", sess, sess->refcount); */ + if (sess) + { + sess->refcount++; + /* log_debug ("http.c:session_ref: sess %p ref now %d\n", sess, */ + /* sess->refcount); */ + } return sess; } ----------------------------------------------------------------------- Summary of changes: common/http.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 10 10:37:51 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 10 Sep 2014 10:37:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-28-g84419f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 84419f42da0fd436a9e0e669730157e74ce38b77 (commit) from 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84419f42da0fd436a9e0e669730157e74ce38b77 Author: Werner Koch Date: Wed Sep 10 10:37:48 2014 +0200 dirmngr: Support https for KS_FETCH. * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ... * dirmngr/misc.c (cert_log_cb): here. * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection and https. -- Note that this requires that the root certificates are registered using the --hkp-cacert option. Eventually we may introduce a separate option to allow using different CAs for KS_FETCH and keyserver based requests. diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 762ab4a..12b1778 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -880,40 +880,6 @@ ks_hkp_housekeeping (time_t curtime) } -/* Callback to print infos about the TLS certificates. */ -static void -cert_log_cb (http_session_t sess, gpg_error_t err, - const char *hostname, const void **certs, size_t *certlens) -{ - ksba_cert_t cert; - size_t n; - - (void)sess; - - if (!err) - return; /* No error - no need to log anything */ - - log_debug ("expected hostname: %s\n", hostname); - for (n=0; certs[n]; n++) - { - err = ksba_cert_new (&cert); - if (!err) - err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]); - if (err) - log_error ("error parsing cert for logging: %s\n", gpg_strerror (err)); - else - { - char textbuf[20]; - snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n); - dump_cert (textbuf, cert); - } - - ksba_cert_release (cert); - } -} - - - /* Send an HTTP request. On success returns an estream object at R_FP. HOSTPORTSTR is only used for diagnostics. If HTTPHOST is not NULL it will be used as HTTP "Host" header. If POST_CB is not diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index aed3aaa..e4c2b78 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -38,6 +38,7 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri) const char const data[] = "Handler for HTTP URLs:\n" " http://\n" + " https://\n" "Supported methods: fetch\n"; gpg_error_t err; @@ -58,11 +59,17 @@ gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) { gpg_error_t err; + http_session_t session = NULL; http_t http = NULL; int redirects_left = MAX_REDIRECTS; estream_t fp = NULL; char *request_buffer = NULL; + err = http_session_new (&session, NULL); + if (err) + goto leave; + http_session_set_log_cb (session, cert_log_cb); + *r_fp = NULL; once_more: err = http_open (&http, @@ -72,7 +79,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) /* fixme: AUTH */ NULL, 0, /* fixme: proxy*/ NULL, - NULL, NULL, + session, + NULL, /*FIXME curl->srvtag*/NULL); if (!err) { @@ -112,6 +120,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) case 301: case 302: + case 307: { const char *s = http_get_header (http, "Location"); @@ -157,6 +166,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) leave: http_close (http, 0); + http_session_release (session); xfree (request_buffer); return err; } diff --git a/dirmngr/misc.c b/dirmngr/misc.c index 0bca5ee..25652a2 100644 --- a/dirmngr/misc.c +++ b/dirmngr/misc.c @@ -384,6 +384,39 @@ cert_log_subject (const char *text, ksba_cert_t cert) } +/* Callback to print infos about the TLS certificates. */ +void +cert_log_cb (http_session_t sess, gpg_error_t err, + const char *hostname, const void **certs, size_t *certlens) +{ + ksba_cert_t cert; + size_t n; + + (void)sess; + + if (!err) + return; /* No error - no need to log anything */ + + log_debug ("expected hostname: %s\n", hostname); + for (n=0; certs[n]; n++) + { + err = ksba_cert_new (&cert); + if (!err) + err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]); + if (err) + log_error ("error parsing cert for logging: %s\n", gpg_strerror (err)); + else + { + char textbuf[20]; + snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n); + dump_cert (textbuf, cert); + } + + ksba_cert_release (cert); + } +} + + /**************** * Remove all %xx escapes; this is done inplace. * Returns: New length of the string. diff --git a/dirmngr/misc.h b/dirmngr/misc.h index 928bf78..2dc2985 100644 --- a/dirmngr/misc.h +++ b/dirmngr/misc.h @@ -68,6 +68,10 @@ void dump_string (const char *string); TEXT. This is used for debugging. */ void dump_cert (const char *text, ksba_cert_t cert); +/* Callback to print infos about the TLS certificates. */ +void cert_log_cb (http_session_t sess, gpg_error_t err, + const char *hostname, const void **certs, size_t *certlens); + /* Return the host name and the port (0 if none was given) from the URL. Return NULL on error or if host is not included in the URL. */ ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 34 ---------------------------------- dirmngr/ks-engine-http.c | 12 +++++++++++- dirmngr/misc.c | 33 +++++++++++++++++++++++++++++++++ dirmngr/misc.h | 4 ++++ 4 files changed, 48 insertions(+), 35 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 11 15:39:58 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 11 Sep 2014 15:39:58 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.14-6-g7de798e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 7de798e2b0f4c4d18b1690e1ab370522faa2de9d (commit) via 6ebcd696fdbc0485099fba987c0c302cb46dd116 (commit) via 316171204d9a995f8b85431830bbc225ea144b48 (commit) via 5a4684f3b0db4cd5c13f94b1319c245ef96ce91d (commit) via 4138644d74f127c1f4abf7455fe1e21f56d6e07e (commit) from 92d62c15706a0e47991f558987f531fbd36c9fad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7de798e2b0f4c4d18b1690e1ab370522faa2de9d Author: Werner Koch Date: Thu Sep 11 15:39:49 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index ae453bc..94e1290 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.16 (unreleased) [C__/A__/R_] +----------------------------------------------- + + Noteworthy changes in version 1.15 (2014-09-11) [C12/A12/R1] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index 5aa89ce..d2964f2 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.11" # another commit, and a push so that the git magic is able to work. # See below for the LT versions. m4_define([mym4_version_major], [1]) -m4_define([mym4_version_minor], [15]) +m4_define([mym4_version_minor], [16]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 6ebcd696fdbc0485099fba987c0c302cb46dd116 Author: Werner Koch Date: Thu Sep 11 15:31:22 2014 +0200 Release 1.15. * configure.ac: Set LT version to C12/A12/R1. diff --git a/NEWS b/NEWS index abf58a4..ae453bc 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.15 (unreleased) [C__/A__/R_] +Noteworthy changes in version 1.15 (2014-09-11) [C12/A12/R1] ----------------------------------------------- * This releases fixes problems with the use of off_t and ssize_t by diff --git a/configure.ac b/configure.ac index d951e9d..5aa89ce 100644 --- a/configure.ac +++ b/configure.ac @@ -53,7 +53,7 @@ AC_INIT([libgpg-error],[mym4_full_version],[http://bugs.gnupg.org]) # Note that added error codes don't constitute an interface change. LIBGPG_ERROR_LT_CURRENT=12 LIBGPG_ERROR_LT_AGE=12 -LIBGPG_ERROR_LT_REVISION=0 +LIBGPG_ERROR_LT_REVISION=1 ################################################ AC_SUBST(LIBGPG_ERROR_LT_CURRENT) commit 316171204d9a995f8b85431830bbc225ea144b48 Author: Werner Koch Date: Thu Sep 11 15:12:55 2014 +0200 Fix build problems with non-gmake (ie. AIX). * src/Makefile.am: Do not distribute gpg-error.h. (lock-obj-pub.native.h): Prepend a "./" to match the dependency. diff --git a/src/Makefile.am b/src/Makefile.am index d019fd7..a9c0a5a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -66,7 +66,7 @@ lock_obj_pub = \ lib_LTLIBRARIES = libgpg-error.la -include_HEADERS = gpg-error.h +nodist_include_HEADERS = gpg-error.h bin_SCRIPTS = gpg-error-config m4datadir = $(datadir)/aclocal m4data_DATA = gpg-error.m4 @@ -151,11 +151,12 @@ libgpg_error_la_LDFLAGS = \ -version-info \ @LIBGPG_ERROR_LT_CURRENT@:@LIBGPG_ERROR_LT_REVISION@:@LIBGPG_ERROR_LT_AGE@ -libgpg_error_la_SOURCES = gpg-error.h gettext.h $(arch_sources) \ +libgpg_error_la_SOURCES = gettext.h $(arch_sources) \ gpgrt-int.h init.c init.h version.c lock.h thread.h \ estream.c estream-printf.c estream-printf.h \ strsource.c strerror.c code-to-errno.c code-from-errno.c \ visibility.c visibility.h +nodist_libgpg_error_la_SOURCES = gpg-error.h # libgpg_error_la_DEPENDENCIES = \ # $(srcdir)/gpg-error.vers @@ -265,7 +266,7 @@ else pre_mkheader_cmds = : parts_of_gpg_error_h += ./lock-obj-pub.native.h -lock-obj-pub.native.h: Makefile gen-posix-lock-obj posix-lock-obj.h +./lock-obj-pub.native.h: Makefile gen-posix-lock-obj posix-lock-obj.h ./gen-posix-lock-obj >$@ endif commit 5a4684f3b0db4cd5c13f94b1319c245ef96ce91d Author: Werner Koch Date: Thu Sep 11 14:33:46 2014 +0200 Fix problems with ssize_t and off_t. * configure.ac (AC_SYS_LARGEFILE): New. (AC_CHECK_HEADERS): Check for stdint.h. (AC_CHECK_SIZEOF): Add for int, long and long long. (REPLACEMENT_FOR_OFF_T): New ac_define. * src/mkheader.c (have_stdint_h, have_w32_system, have_w64_system) (replacement_for_off_type, stdint_h_included): New. (xfree, xstrdup): New. (parse_config_h): New. (write_special): Support "define:gpgrt_off_t", "define:gpgrt_ssize_t", "api_ssize_t" tags. (main): Add config.h arg. Call parse_config_h. Fix substitute code. * src/Makefile.am (gpg-error.h): Pass config.h to mkheader. * src/gpg-error.h.in: Include definitions for gpgrt_ssize_t and gpgrt_off_t. Let mkheader insert ssize_t keywords. Chnage all off_t to gpgrt_off_t. * src/estream.c: Change all off_t to gpgrt_off_t. Chnage all ssize_t to gpgrt_ssize_t. * src/visibility.c (gpgrt_fseeko): Use gpgrt_off_t. (gpgrt_ftello): Ditto. (gpgrt_getline): Use gpgrt_ssize_t. (gpgrt_read_line): Ditto. diff --git a/NEWS b/NEWS index e5e94ee..abf58a4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,18 @@ Noteworthy changes in version 1.15 (unreleased) [C__/A__/R_] ----------------------------------------------- + * This releases fixes problems with the use of off_t and ssize_t by + the estream functions introduced with 1.14. Although this is + technically an ABI break on some platforms, we take this as a + simple bug fix for 1.14. The new functions are very unlikely in + use by any code and thus no breakage should happen. The 1.14 + tarball will be removed from the archive. + + * Add type gpgrt_off_t which is guaranteed to be 64 bit. + + * Add type gpgrt_ssize_t to make use on Windows easier. On Unix + platforms this is an alias for ssize_t. + Noteworthy changes in version 1.14 (2014-09-08) [C12/A12/R0] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index 61dc357..d951e9d 100644 --- a/configure.ac +++ b/configure.ac @@ -110,6 +110,12 @@ if test "$have_w32_system" != yes; then gl_THREADLIB_EARLY fi +# We build libgpg-error with large file support so that we have a 64 +# bit off_t. Our external interface uses the gpgrt_off_t which is +# anyway specified as 64 bit. Thus the same libgpg-error can be used +# by software which is not build with large file support. +AC_SYS_LARGEFILE + LT_PREREQ([2.2.6]) LT_INIT([win32-dll disable-static]) @@ -154,7 +160,7 @@ AM_GNU_GETTEXT([external]) # Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([stdlib.h locale.h]) +AC_CHECK_HEADERS([stdlib.h locale.h stdint.h]) AC_FUNC_STRERROR_R case "${host_os}" in solaris*) @@ -170,9 +176,35 @@ esac AC_CHECK_FUNCS([flockfile vasprintf]) +# # Checks for typedefs, structures, and compiler characteristics. +# AC_C_CONST +AC_CHECK_SIZEOF(int) +AC_CHECK_SIZEOF(long) +AC_CHECK_SIZEOF(long long) + +# Find a 64 bit integer type to be used instead of off_t. We prefer +# the standard integer types over int64_t and finally try long long. +if test "$ac_cv_sizeof_int" = "8"; then + replacement_for_off_t="int" +elif test "$ac_cv_sizeof_long" = "8"; then + replacement_for_off_t="long" +elif test "$ac_cv_header_stdint_h" = yes; then + replacement_for_off_t="int64_t" +elif test "$ac_cv_sizeof_long_long" = "8"; then + replacement_for_off_t="long long" +else + AC_MSG_ERROR([[ +*** +*** No 64 bit signed integer type found. Can't build this library. +***]]) +fi +AC_DEFINE_UNQUOTED(REPLACEMENT_FOR_OFF_T, "$replacement_for_off_t", + [Used by mkheader to insert the replacement type.]) + + # # Setup gcc specific options diff --git a/src/Makefile.am b/src/Makefile.am index 55a9bb9..d019fd7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -271,10 +271,11 @@ endif # We also depend on versioninfo.rc because that is build by # config.status and thus has up-to-date version numbers. -gpg-error.h: Makefile mkheader $(parts_of_gpg_error_h) versioninfo.rc +gpg-error.h: Makefile mkheader $(parts_of_gpg_error_h) \ + versioninfo.rc ../config.h $(pre_mkheader_cmds) ./mkheader $(host_os) $(host_triplet) $(srcdir)/gpg-error.h.in \ - $(PACKAGE_VERSION) $(VERSION_NUMBER) >$@ + ../config.h $(PACKAGE_VERSION) $(VERSION_NUMBER) >$@ install-data-local: diff --git a/src/estream.c b/src/estream.c index 7a5646e..d16938e 100644 --- a/src/estream.c +++ b/src/estream.c @@ -165,7 +165,7 @@ struct _gpgrt_stream_internal void *opaque; /* Opaque data. */ unsigned int modeflags; /* Flags for the backend. */ char *printable_fname; /* Malloced filename for es_fname_get. */ - off_t offset; + gpgrt_off_t offset; gpgrt_cookie_read_function_t func_read; gpgrt_cookie_write_function_t func_write; gpgrt_cookie_seek_function_t func_seek; @@ -607,11 +607,11 @@ func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie, /* Read function for memory objects. */ -static ssize_t +static gpgrt_ssize_t es_func_mem_read (void *cookie, void *buffer, size_t size) { estream_cookie_mem_t mem_cookie = cookie; - ssize_t ret; + gpgrt_ssize_t ret; if (size > mem_cookie->data_len - mem_cookie->offset) size = mem_cookie->data_len - mem_cookie->offset; @@ -628,11 +628,11 @@ es_func_mem_read (void *cookie, void *buffer, size_t size) /* Write function for memory objects. */ -static ssize_t +static gpgrt_ssize_t es_func_mem_write (void *cookie, const void *buffer, size_t size) { estream_cookie_mem_t mem_cookie = cookie; - ssize_t ret; + gpgrt_ssize_t ret; size_t nleft; if (!size) @@ -715,10 +715,10 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size) /* Seek function for memory objects. */ static int -es_func_mem_seek (void *cookie, off_t *offset, int whence) +es_func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence) { estream_cookie_mem_t mem_cookie = cookie; - off_t pos_new; + gpgrt_off_t pos_new; switch (whence) { @@ -879,12 +879,12 @@ func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close) } /* Read function for fd objects. */ -static ssize_t +static gpgrt_ssize_t es_func_fd_read (void *cookie, void *buffer, size_t size) { estream_cookie_fd_t file_cookie = cookie; - ssize_t bytes_read; + gpgrt_ssize_t bytes_read; if (IS_INVALID_FD (file_cookie->fd)) { @@ -908,11 +908,11 @@ es_func_fd_read (void *cookie, void *buffer, size_t size) } /* Write function for fd objects. */ -static ssize_t +static gpgrt_ssize_t es_func_fd_write (void *cookie, const void *buffer, size_t size) { estream_cookie_fd_t file_cookie = cookie; - ssize_t bytes_written; + gpgrt_ssize_t bytes_written; if (IS_INVALID_FD (file_cookie->fd)) { @@ -937,10 +937,10 @@ es_func_fd_write (void *cookie, const void *buffer, size_t size) /* Seek function for fd objects. */ static int -es_func_fd_seek (void *cookie, off_t *offset, int whence) +es_func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence) { estream_cookie_fd_t file_cookie = cookie; - off_t offset_new; + gpgrt_off_t offset_new; int err; if (IS_INVALID_FD (file_cookie->fd)) @@ -1039,11 +1039,11 @@ es_func_w32_create (void **cookie, HANDLE hd, } /* Read function for W32 handle objects. */ -static ssize_t +static gpgrt_ssize_t es_func_w32_read (void *cookie, void *buffer, size_t size) { estream_cookie_w32_t w32_cookie = cookie; - ssize_t bytes_read; + gpgrt_ssize_t bytes_read; if (w32_cookie->hd == INVALID_HANDLE_VALUE) { @@ -1081,11 +1081,11 @@ es_func_w32_read (void *cookie, void *buffer, size_t size) } /* Write function for W32 handle objects. */ -static ssize_t +static gpgrt_ssize_t es_func_w32_write (void *cookie, const void *buffer, size_t size) { estream_cookie_w32_t w32_cookie = cookie; - ssize_t bytes_written; + gpgrt_ssize_t bytes_written; if (w32_cookie->hd == INVALID_HANDLE_VALUE) { @@ -1118,7 +1118,7 @@ es_func_w32_write (void *cookie, const void *buffer, size_t size) /* Seek function for W32 handle objects. */ static int -es_func_w32_seek (void *cookie, off_t *offset, int whence) +es_func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence) { estream_cookie_w32_t w32_cookie = cookie; DWORD method; @@ -1165,7 +1165,8 @@ es_func_w32_seek (void *cookie, off_t *offset, int whence) if (post_syscall_func) post_syscall_func (); #endif - *offset = (unsigned long long)newoff.QuadPart; + /* Note that gpgrt_off_t is always 64 bit. */ + *offset = (gpgrt_off_t)newoff.QuadPart; return 0; } @@ -1253,12 +1254,12 @@ func_fp_create (void **cookie, FILE *fp, } /* Read function for FILE* objects. */ -static ssize_t +static gpgrt_ssize_t es_func_fp_read (void *cookie, void *buffer, size_t size) { estream_cookie_fp_t file_cookie = cookie; - ssize_t bytes_read; + gpgrt_ssize_t bytes_read; if (file_cookie->fp) { @@ -1276,7 +1277,7 @@ es_func_fp_read (void *cookie, void *buffer, size_t size) } /* Write function for FILE* objects. */ -static ssize_t +static gpgrt_ssize_t es_func_fp_write (void *cookie, const void *buffer, size_t size) { estream_cookie_fp_t file_cookie = cookie; @@ -1319,7 +1320,7 @@ es_func_fp_write (void *cookie, const void *buffer, size_t size) /* Seek function for FILE* objects. */ static int -es_func_fp_seek (void *cookie, off_t *offset, int whence) +es_func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence) { estream_cookie_fp_t file_cookie = cookie; long int offset_new; @@ -1592,7 +1593,7 @@ es_fill (estream_t stream) else { gpgrt_cookie_read_function_t func_read = stream->intern->func_read; - ssize_t ret; + gpgrt_ssize_t ret; ret = (*func_read) (stream->intern->cookie, stream->buffer, stream->buffer_size); @@ -1632,7 +1633,7 @@ es_flush (estream_t stream) { size_t bytes_written; size_t data_flushed; - ssize_t ret; + gpgrt_ssize_t ret; if (! func_write) { @@ -1649,7 +1650,8 @@ es_flush (estream_t stream) data_flushed = 0; err = 0; - while ((((ssize_t) (stream->data_offset - data_flushed)) > 0) && (! err)) + while ((((gpgrt_ssize_t) (stream->data_offset - data_flushed)) > 0) + && !err) { ret = (*func_write) (stream->intern->cookie, stream->buffer + data_flushed, @@ -1896,7 +1898,7 @@ es_read_nbf (estream_t _GPGRT__RESTRICT stream, { gpgrt_cookie_read_function_t func_read = stream->intern->func_read; size_t data_read; - ssize_t ret; + gpgrt_ssize_t ret; int err; data_read = 0; @@ -2077,12 +2079,12 @@ es_unreadn (estream_t _GPGRT__RESTRICT stream, /* Seek in STREAM. */ static int -es_seek (estream_t _GPGRT__RESTRICT stream, off_t offset, int whence, - off_t *_GPGRT__RESTRICT offset_new) +es_seek (estream_t _GPGRT__RESTRICT stream, gpgrt_off_t offset, int whence, + gpgrt_off_t *_GPGRT__RESTRICT offset_new) { gpgrt_cookie_seek_function_t func_seek = stream->intern->func_seek; int err, ret; - off_t off; + gpgrt_off_t off; if (! func_seek) { @@ -2142,7 +2144,7 @@ es_write_nbf (estream_t _GPGRT__RESTRICT stream, { gpgrt_cookie_write_function_t func_write = stream->intern->func_write; size_t data_written; - ssize_t ret; + gpgrt_ssize_t ret; int err; if (bytes_to_write && (! func_write)) @@ -2613,10 +2615,10 @@ es_set_buffering (estream_t _GPGRT__RESTRICT stream, } -static off_t +static gpgrt_off_t es_offset_calculate (estream_t stream) { - off_t offset; + gpgrt_off_t offset; offset = stream->intern->offset + stream->data_offset; if (offset < stream->unread_data_len) @@ -3496,7 +3498,7 @@ _gpgrt_fseek (estream_t stream, long int offset, int whence) int -_gpgrt_fseeko (estream_t stream, off_t offset, int whence) +_gpgrt_fseeko (estream_t stream, gpgrt_off_t offset, int whence) { int err; @@ -3521,10 +3523,10 @@ _gpgrt_ftell (estream_t stream) } -off_t +gpgrt_off_t _gpgrt_ftello (estream_t stream) { - off_t ret = -1; + gpgrt_off_t ret = -1; lock_stream (stream); ret = es_offset_calculate (stream); @@ -3748,7 +3750,7 @@ _gpgrt_fputs (const char *_GPGRT__RESTRICT s, estream_t _GPGRT__RESTRICT stream) } -ssize_t +gpgrt_ssize_t _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, size_t *_GPGRT__RESTRICT n, estream_t _GPGRT__RESTRICT stream) { @@ -3799,7 +3801,7 @@ _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, out: - return err ? err : (ssize_t)line_n; + return err ? err : (gpgrt_ssize_t)line_n; } @@ -3832,7 +3834,7 @@ _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, allow the caller to append a CR,LF,Nul. The buffer should be released using gpgrt_free. */ -ssize_t +gpgrt_ssize_t _gpgrt_read_line (estream_t stream, char **addr_of_buffer, size_t *length_of_buffer, size_t *max_length) diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index 4b1c0a0..80ce391 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in @@ -87,7 +87,6 @@ extern "C" { typedef enum { @include:err-sources@ - /* This is one more than the largest allowed entry. */ GPG_ERR_SOURCE_DIM = 128 } gpg_err_source_t; @@ -100,11 +99,9 @@ typedef enum typedef enum { @include:err-codes@ - /* The following error codes are used to map system errors. */ #define GPG_ERR_SYSTEM_ERROR (1 << 15) @include:errnos@ - /* This is one more than the largest allowed entry. */ GPG_ERR_CODE_DIM = 65536 } gpg_err_code_t; @@ -289,6 +286,10 @@ const char *gpg_error_check_version (const char *req_version); /* The version number of this header. */ #define GPG_ERROR_VERSION_NUMBER @version-number@ +/* System specific type definitions. */ + at define:gpgrt_ssize_t@ + at define:gpgrt_off_t@ + @include:os-add@ /* Self-documenting convenience functions. */ @@ -388,13 +389,13 @@ typedef struct _gpgrt__stream *gpgrt_stream_t; typedef struct _gpgrt__stream *estream_t; #endif -typedef ssize_t (*gpgrt_cookie_read_function_t) (void *cookie, +typedef @api_ssize_t@ (*gpgrt_cookie_read_function_t) (void *cookie, void *buffer, size_t size); -typedef ssize_t (*gpgrt_cookie_write_function_t) (void *cookie, +typedef @api_ssize_t@ (*gpgrt_cookie_write_function_t) (void *cookie, const void *buffer, size_t size); typedef int (*gpgrt_cookie_seek_function_t) (void *cookie, - off_t *pos, int whence); + gpgrt_off_t *pos, int whence); typedef int (*gpgrt_cookie_close_function_t) (void *cookie); struct _gpgrt_cookie_io_functions @@ -498,9 +499,9 @@ void gpgrt_clearerr_unlocked (gpgrt_stream_t stream); int gpgrt_fflush (gpgrt_stream_t stream); int gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence); -int gpgrt_fseeko (gpgrt_stream_t stream, off_t offset, int whence); +int gpgrt_fseeko (gpgrt_stream_t stream, gpgrt_off_t offset, int whence); long int gpgrt_ftell (gpgrt_stream_t stream); -off_t gpgrt_ftello (gpgrt_stream_t stream); +gpgrt_off_t gpgrt_ftello (gpgrt_stream_t stream); void gpgrt_rewind (gpgrt_stream_t stream); int gpgrt_fgetc (gpgrt_stream_t stream); @@ -555,10 +556,10 @@ int gpgrt_fputs (const char *_GPGRT__RESTRICT s, int gpgrt_fputs_unlocked (const char *_GPGRT__RESTRICT s, gpgrt_stream_t _GPGRT__RESTRICT stream); -ssize_t gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, + at api_ssize_t@ gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, size_t *_GPGRT__RESTRICT n, gpgrt_stream_t stream); -ssize_t gpgrt_read_line (gpgrt_stream_t stream, + at api_ssize_t@ gpgrt_read_line (gpgrt_stream_t stream, char **addr_of_buffer, size_t *length_of_buffer, size_t *max_length); void gpgrt_free (void *a); diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h index df7c606..0e6f69c 100644 --- a/src/gpgrt-int.h +++ b/src/gpgrt-int.h @@ -162,12 +162,12 @@ int _gpgrt_fputs (const char *_GPGRT__RESTRICT s, int _gpgrt_fputs_unlocked (const char *_GPGRT__RESTRICT s, gpgrt_stream_t _GPGRT__RESTRICT stream); -ssize_t _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, - size_t *_GPGRT__RESTRICT n, - gpgrt_stream_t stream); -ssize_t _gpgrt_read_line (gpgrt_stream_t stream, - char **addr_of_buffer, size_t *length_of_buffer, - size_t *max_length); +gpgrt_ssize_t _gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, + size_t *_GPGRT__RESTRICT n, + gpgrt_stream_t stream); +gpgrt_ssize_t _gpgrt_read_line (gpgrt_stream_t stream, + char **addr_of_buffer, size_t *length_of_buffer, + size_t *max_length); int _gpgrt_fprintf (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, ...) diff --git a/src/mkheader.c b/src/mkheader.c index 43e7fd8..9fe0695 100644 --- a/src/mkheader.c +++ b/src/mkheader.c @@ -28,6 +28,105 @@ static char *srcdir; static const char *hdr_version; static const char *hdr_version_number; +/* Values take from the supplied config.h. */ +static int have_stdint_h; +static int have_w32_system; +static int have_w64_system; +static char *replacement_for_off_type; + +/* Various state flags. */ +static int stdint_h_included; + + +/* The usual free wrapper. */ +static void +xfree (void *a) +{ + if (a) + free (a); +} + + +static char * +xstrdup (const char *string) +{ + char *p; + + p = malloc (strlen (string)+1); + if (!p) + { + fputs (PGM ": out of core\n", stderr); + exit (1); + } + strcpy (p, string); + return p; +} + + +/* Parse the supplied config.h file and extract required info. + Returns 0 on success. */ +static int +parse_config_h (const char *fname) +{ + FILE *fp; + char line[LINESIZE]; + int lnr = 0; + char *p1; + + fp = fopen (fname, "r"); + if (!fp) + { + fprintf (stderr, "%s:%d: can't open file: %s", + fname, lnr, strerror (errno)); + return 1; + } + + while (fgets (line, LINESIZE, fp)) + { + size_t n = strlen (line); + + lnr++; + if (!n || line[n-1] != '\n') + { + fprintf (stderr, + "%s:%d: trailing linefeed missing, line too long or " + "embedded nul character\n", fname, lnr); + break; + } + line[--n] = 0; + + if (strncmp (line, "#define ", 8)) + continue; /* We are only interested in define lines. */ + p1 = strtok (line + 8, " \t"); + if (!*p1) + continue; /* oops */ + if (!strcmp (p1, "HAVE_STDINT_H")) + have_stdint_h = 1; + else if (!strcmp (p1, "HAVE_W32_SYSTEM")) + have_w32_system = 1; + else if (!strcmp (p1, "HAVE_W64_SYSTEM")) + have_w64_system = 1; + else if (!strcmp (p1, "REPLACEMENT_FOR_OFF_T")) + { + p1 = strtok (NULL, "\""); + if (!*p1) + continue; /* oops */ + xfree (replacement_for_off_type); + replacement_for_off_type = xstrdup (p1); + } + } + + if (ferror (fp)) + { + fprintf (stderr, "%s:%d: error reading file: %s\n", + fname, lnr, strerror (errno)); + return 1; + } + + fclose (fp); + return 0; +} + /* Write LINE to stdout. The function is allowed to modify LINE. */ static void @@ -283,12 +382,57 @@ write_special (const char *fname, int lnr, const char *tag) putchar ('\"'); fputs (hdr_version, stdout); putchar ('\"'); - putchar ('\n'); } else if (!strcmp (tag, "version-number")) { fputs (hdr_version_number, stdout); - putchar ('\n'); + } + else if (!strcmp (tag, "define:gpgrt_off_t")) + { + if (!replacement_for_off_type) + { + fprintf (stderr, "%s:%d: replacement for off_t not defined\n", + fname, lnr); + exit (1); + } + else + { + if (!strcmp (replacement_for_off_type, "int64_t") + && !stdint_h_included && have_stdint_h) + { + fputs ("#include \n\n", stdout); + stdint_h_included = 1; + } + printf ("typedef %s gpgrt_off_t;\n", replacement_for_off_type); + } + } + else if (!strcmp (tag, "define:gpgrt_ssize_t")) + { + if (have_w64_system) + { + if (!stdint_h_included && have_stdint_h) + { + fputs ("# include \n", stdout); + stdint_h_included = 1; + } + fputs ("typedef int64_t gpgrt_ssize_t;\n", stdout); + } + else if (have_w32_system) + { + fputs ("typedef long gpgrt_ssize_t;\n", stdout); + } + else + { + fputs ("#include \n" + "typedef ssize_t gpgrt_ssize_t;\n", stdout); + } + } + else if (!strcmp (tag, "api_ssize_t")) + { + if (have_w32_system) + fputs ("gpgrt_ssize_t", stdout); + else + fputs ("ssize_t", stdout); } else if (!strcmp (tag, "include:err-sources")) { @@ -336,24 +480,27 @@ main (int argc, char **argv) int lnr = 0; const char *fname, *s; char *p1, *p2; + const char *config_h; if (argc) { argc--; argv++; } - if (argc != 5) + if (argc != 6) { fputs ("usage: " PGM - " host_os host_triplet template.h version version_number\n", + " host_os host_triplet template.h config.h" + " version version_number\n", stderr); return 1; } host_os = argv[0]; host_triplet = argv[1]; fname = argv[2]; - hdr_version = argv[3]; - hdr_version_number = argv[4]; + config_h = argv[3]; + hdr_version = argv[4]; + hdr_version_number = argv[5]; srcdir = malloc (strlen (fname) + 2 + 1); if (!srcdir) @@ -368,6 +515,9 @@ main (int argc, char **argv) else strcpy (srcdir, "./"); + if (parse_config_h (config_h)) + return 1; + fp = fopen (fname, "r"); if (!fp) { @@ -407,7 +557,6 @@ main (int argc, char **argv) printf ("Do not edit. Generated from %s for %s.", s? s+1 : fname, host_triplet); fputs (p2, stdout); - putchar ('\n'); } else if (!write_special (fname, lnr, p1)) { @@ -415,8 +564,12 @@ main (int argc, char **argv) fputs (p1, stdout); putchar ('@'); fputs (p2, stdout); - putchar ('\n'); } + else if (p2 && *p2) + { + fputs (p2, stdout); + } + putchar ('\n'); } if (ferror (fp)) diff --git a/src/visibility.c b/src/visibility.c index f1bbca6..f0d7fd1 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -346,7 +346,7 @@ gpgrt_fseek (estream_t stream, long int offset, int whence) } int -gpgrt_fseeko (estream_t stream, off_t offset, int whence) +gpgrt_fseeko (estream_t stream, gpgrt_off_t offset, int whence) { return _gpgrt_fseeko (stream, offset, whence); } @@ -357,7 +357,7 @@ gpgrt_ftell (estream_t stream) return _gpgrt_ftell (stream); } -off_t +gpgrt_off_t gpgrt_ftello (estream_t stream) { return _gpgrt_ftello (stream); @@ -468,14 +468,14 @@ gpgrt_fputs_unlocked (const char *_GPGRT__RESTRICT s, return _gpgrt_fputs_unlocked (s, stream); } -ssize_t +gpgrt_ssize_t gpgrt_getline (char *_GPGRT__RESTRICT *_GPGRT__RESTRICT lineptr, size_t *_GPGRT__RESTRICT n, estream_t _GPGRT__RESTRICT stream) { return _gpgrt_getline (lineptr, n, stream); } -ssize_t +gpgrt_ssize_t gpgrt_read_line (estream_t stream, char **addr_of_buffer, size_t *length_of_buffer, size_t *max_length) commit 4138644d74f127c1f4abf7455fe1e21f56d6e07e Author: Werner Koch Date: Thu Sep 11 14:14:23 2014 +0200 Fix compiler warning for w32. * src/syscfg/lock-obj-pub.mingw32.h (GPGRT_LOCK_INITIALIZER): Add mssing braces. diff --git a/src/syscfg/lock-obj-pub.mingw32.h b/src/syscfg/lock-obj-pub.mingw32.h index 2f3f911..d6623cc 100644 --- a/src/syscfg/lock-obj-pub.mingw32.h +++ b/src/syscfg/lock-obj-pub.mingw32.h @@ -24,10 +24,10 @@ typedef struct } gpgrt_lock_t; #pragma pack(pop) -#define GPGRT_LOCK_INITIALIZER {1,0,0,0,0,0,0,0,255,255,255,255, \ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ - 0,0,0,0,0,0,0,0,0,0,0,0} +#define GPGRT_LOCK_INITIALIZER {{1,0,0,0,0,0,0,0,255,255,255,255, \ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0,0,0,0,0}} #else @@ -38,7 +38,7 @@ typedef struct } gpgrt_lock_t; #pragma pack(pop) -#define GPGRT_LOCK_INITIALIZER {1,0,0,0,0,0,0,0,255,255,255,255, \ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ - 0,0,0,0,0,0,0,0} +#define GPGRT_LOCK_INITIALIZER {{1,0,0,0,0,0,0,0,255,255,255,255, \ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}} #endif ----------------------------------------------------------------------- Summary of changes: NEWS | 18 +++- configure.ac | 38 ++++++++- src/Makefile.am | 12 +-- src/estream.c | 80 +++++++++--------- src/gpg-error.h.in | 21 ++--- src/gpgrt-int.h | 12 +-- src/mkheader.c | 169 +++++++++++++++++++++++++++++++++++-- src/syscfg/lock-obj-pub.mingw32.h | 14 +-- src/visibility.c | 8 +- 9 files changed, 289 insertions(+), 83 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 11 16:41:12 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 11 Sep 2014 16:41:12 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-29-g3d250d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3d250d21d36e8a0935b645f1ed5134ef9083530e (commit) from 84419f42da0fd436a9e0e669730157e74ce38b77 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3d250d21d36e8a0935b645f1ed5134ef9083530e Author: Werner Koch Date: Thu Sep 11 16:40:45 2014 +0200 gpg: Stop early on bogus old style comment packets. * g10/parse-packet.c (parse_key): Take care of too short packets for old style commet packets. -- GnuPG-bug-id: 1714 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index cfae788..edaa84d 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1978,7 +1978,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, for (; pktlen; pktlen--) { int c; - c = iobuf_get_noeof (inp); + c = iobuf_get (inp); + if (c == -1) + break; /* Ooops: shorter than indicated. */ if (c >= ' ' && c <= 'z') es_putc (c, listfp); else ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 11 17:06:47 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 11 Sep 2014 17:06:47 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-7-gcd53cdb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc (commit) from b89f57fe5db364f78154671e1b2fe1ecd1b5c407 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc Author: Werner Koch Date: Thu Sep 11 17:06:16 2014 +0200 mpi: Improve mpi_invm to detect bad input. * mpi/mpi-inv.c (mpi_invm): Return 0 for bad input. -- Without this patch the function may enter an endless loop. This is a backport from libgcrypt. GnuPG-bug-id: 1713 diff --git a/mpi/mpi-inv.c b/mpi/mpi-inv.c index b762630..361c57e 100644 --- a/mpi/mpi-inv.c +++ b/mpi/mpi-inv.c @@ -165,6 +165,11 @@ mpi_invm( MPI x, MPI a, MPI n ) int sign; int odd ; + if (!mpi_cmp_ui (a, 0)) + return 0; /* Inverse does not exists. */ + if (!mpi_cmp_ui (n, 1)) + return 0; /* Inverse does not exists. */ + u = mpi_copy(a); v = mpi_copy(n); ----------------------------------------------------------------------- Summary of changes: mpi/mpi-inv.c | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 12 09:36:41 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Sep 2014 09:36:41 +0200 Subject: [git] gnupg-doc - branch, master, updated. 3f77c492df0fb50dcecf0b324998cec845569b1d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 3f77c492df0fb50dcecf0b324998cec845569b1d (commit) via 112530c089364b8bf1bc7430eacb7fdb18a767a4 (commit) from 0a24a4f9b47b03292777a82c8e6c64c022c5fe68 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f77c492df0fb50dcecf0b324998cec845569b1d Author: Werner Koch Date: Thu Sep 11 18:21:22 2014 +0200 web: Add Jaro Mail to the swlist. diff --git a/web/related_software/frontends.org b/web/related_software/frontends.org index 970cd16..a31bfe3 100644 --- a/web/related_software/frontends.org +++ b/web/related_software/frontends.org @@ -25,6 +25,7 @@ - [[file:swlist.org::#cryptophane][Cryptophane]] - [[file:swlist.org::#gnupg-shell][GnuPG Shell]] - [[file:swlist.org::#gpa][GPA]] + - [[file:swlist.org::#jaro-mail][Jaro Mail]] - [[file:swlist.org::#kgpg][KGpg]] - [[file:swlist.org::#seahorse][Seahorse]] - [[file:swlist.org::#wija][wija]] diff --git a/web/related_software/swlist.org b/web/related_software/swlist.org index 927e0af..7568a41 100644 --- a/web/related_software/swlist.org +++ b/web/related_software/swlist.org @@ -221,6 +221,18 @@ Is a Windows program which can be used to use GnuPG with all MUAs. GPGTools is an installer package for Mac OS X. It integrates all required modules for easy use of GnuPG on this OS. + +** [[https://www.dyne.org/software/jaro-mail][Jaro Mail]] [Unix,OSX] MUA +:PROPERTIES: +:CUSTOM_ID: jaro-mail +:END: + +Jaro Mail is an integrated suite of interoperable tools to manage +e-mail communication in a private and efficient way, without relying +too much on on-line services, in fact encouraging users to store their +email locally. + + ** [[ftp://ftp.gnupg.org/gcrypt/contrib/keylookup-2.1.tar.gz][Keylookup]] [Unix] MISC :PROPERTIES: :CUSTOM_ID: keylookup diff --git a/web/share/ox-gpgweb.el b/web/share/ox-gpgweb.el index 9b09ef2..e1dfded 100644 --- a/web/share/ox-gpgweb.el +++ b/web/share/ox-gpgweb.el @@ -1941,7 +1941,8 @@ channel." "Transcode a PROPERTY-DRAWER element from Org to HTML. CONTENTS holds the contents of the drawer. INFO is a plist holding contextual information." - (and (org-string-nw-p contents) + (and nil + (org-string-nw-p contents) (format "
\n%s
" contents))) ;;;; Quote Block commit 112530c089364b8bf1bc7430eacb7fdb18a767a4 Author: Werner Koch Date: Thu Sep 11 16:03:47 2014 +0200 swdb: libgpg-error 1.15. diff --git a/web/download/index.org b/web/download/index.org index 92f40da..7ed4df1 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -159,7 +159,8 @@ DirMngr is a daemon to handle CRL and certificate requests for GnuPG 2.0. It might also be installed as a system daemon for CRL - and OCSP checks. + and OCSP checks. Note that GnuPG 2.1 already includes a modernized + version of dirmngr. | DirMngr {{{dirmngr_ver}}} full source code | {{{dirmngr_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | @@ -207,6 +208,23 @@ {{{check_sig_note}}} +** Pinentry +# <> +#+index: Pinentry!download + + Pinentry is a collection of different PIN and passphrase entry + modules. One of these modules is required for GnuPG-2. + + | Pinnentry {{{pinentry_ver}}} full source code | {{{pinentry_size}}} | S | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | + | Signature for previous file | | | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | + + SHA-1 checksum for the above file: + {{{begin_chksum}}} + {{{pinentry_sha1}}} pinentry-{{{pinentry_ver}}}.tar.bz2 + {{{end_chksum}}} + + {{{check_sig_note}}} + ** Entropy Gathering Daemon # <> #+index: EGD!download diff --git a/web/swdb.mac b/web/swdb.mac index 15ceeec..8f1d23a 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -91,9 +91,9 @@ # # LIBGPG-ERROR # -#+macro: libgpg_error_ver 1.14 -#+macro: libgpg_error_size 540k -#+macro: libgpg_error_sha1 dd46179e08f6708bb70719422b942f200989d195 +#+macro: libgpg_error_ver 1.15 +#+macro: libgpg_error_size 534k +#+macro: libgpg_error_sha1 f41791121c66043fa18834597e0155ebcbff8ada # ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 20 +++++++++++++++++++- web/related_software/frontends.org | 1 + web/related_software/swlist.org | 12 ++++++++++++ web/share/ox-gpgweb.el | 3 ++- web/swdb.mac | 6 +++--- 5 files changed, 37 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 12 10:37:30 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Sep 2014 10:37:30 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.15-2-ge1882ee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via e1882ee8c541020ec590bf096508ca5b6d2ab944 (commit) from 7de798e2b0f4c4d18b1690e1ab370522faa2de9d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1882ee8c541020ec590bf096508ca5b6d2ab944 Author: Werner Koch Date: Fri Sep 12 10:33:16 2014 +0200 Fix a prototype * src/gpgrt-int.h: s/off_t/gpgrt_off_t/. diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h index 0e6f69c..f97166f 100644 --- a/src/gpgrt-int.h +++ b/src/gpgrt-int.h @@ -105,9 +105,9 @@ void _gpgrt_clearerr_unlocked (gpgrt_stream_t stream); int _gpgrt_fflush (gpgrt_stream_t stream); int _gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence); -int _gpgrt_fseeko (gpgrt_stream_t stream, off_t offset, int whence); +int _gpgrt_fseeko (gpgrt_stream_t stream, gpgrt_off_t offset, int whence); long int _gpgrt_ftell (gpgrt_stream_t stream); -off_t _gpgrt_ftello (gpgrt_stream_t stream); +gpgrt_off_t _gpgrt_ftello (gpgrt_stream_t stream); void _gpgrt_rewind (gpgrt_stream_t stream); int _gpgrt_fgetc (gpgrt_stream_t stream); ----------------------------------------------------------------------- Summary of changes: src/gpgrt-int.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 12 10:59:42 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Sep 2014 10:59:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-31-g3a896db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3a896db26d1cdb1d1a4706a4e9037b04a610bba7 (commit) via 16ae4ca33e56ec48161ce40b945b2c2458972cf2 (commit) from 3d250d21d36e8a0935b645f1ed5134ef9083530e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a896db26d1cdb1d1a4706a4e9037b04a610bba7 Author: Werner Koch Date: Fri Sep 12 10:57:49 2014 +0200 build: Require libgpg-error 1.15 -- 1.14 had a problem in its ABI and was thus remove from the FTP Server after 3 days. 1.15 fixes this. diff --git a/configure.ac b/configure.ac index 80af6fa..a522dd2 100644 --- a/configure.ac +++ b/configure.ac @@ -50,7 +50,7 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) m4_esyscmd([echo ]mym4_version[>VERSION]) AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) -NEED_GPG_ERROR_VERSION=1.14 +NEED_GPG_ERROR_VERSION=1.15 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.6.0 commit 16ae4ca33e56ec48161ce40b945b2c2458972cf2 Author: Werner Koch Date: Fri Sep 12 10:49:31 2014 +0200 doc: Small grammar fix -- diff --git a/doc/gpg.texi b/doc/gpg.texi index e9bcff3..cee8ace 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -966,8 +966,8 @@ such a non-exportable signature already exists the This command uses reasonable defaults and thus does not provide the full flexibility of the "sign" subcommand from @option{--edit-key}. -Its intended use to help unattended signing using a list of verified -fingerprints. +Its intended use is to help unattended key signing by utilizing a list +of verified fingerprints. @end ifset @ifclear gpgone ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- doc/gpg.texi | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 12 11:38:01 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Sep 2014 11:38:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-32-g83c2d23 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 83c2d2396cc9fa6bdd887a560830fc0f48b01b08 (commit) from 3a896db26d1cdb1d1a4706a4e9037b04a610bba7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 83c2d2396cc9fa6bdd887a560830fc0f48b01b08 Author: Werner Koch Date: Fri Sep 12 11:31:49 2014 +0200 gpg: Use algorithm id 22 for EdDSA. * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22. * g10/keygen.c (ask_curve): Reword the Curve25519 warning note. -- In the hope that the IETF will eventually assign 22 for EdDSA using the draft-koch-eddsa-for-openpgp-01 specs we start using this number. diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h index ac1af37..c81109a 100644 --- a/common/openpgpdefs.h +++ b/common/openpgpdefs.h @@ -122,8 +122,8 @@ typedef enum PUBKEY_ALGO_ECDH = 18, /* RFC-6637 */ PUBKEY_ALGO_ECDSA = 19, /* RFC-6637 */ PUBKEY_ALGO_ELGAMAL = 20, /* Elgamal encrypt+sign (legacy). */ - - PUBKEY_ALGO_EDDSA = 105 /* EdDSA (cf. Ed25519) (experimental). */ + /* 21 reserved by OpenPGP. */ + PUBKEY_ALGO_EDDSA = 22 /* EdDSA (not yet assigned). */ } pubkey_algo_t; diff --git a/g10/keygen.c b/g10/keygen.c index c2c31d5..92337bb 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2198,12 +2198,8 @@ ask_curve (int *algo, int both) { if (curves[idx].fix_curve) { - log_info ("WARNING: Curve25519 is an experimental algorithm" - " and not yet standardized.\n"); - log_info (" The key format will eventually change" - " and render this key unusable!\n"); - log_info (" You also need a recent development version" - " of Libgcrypt.\n"); + log_info ("WARNING: Curve25519 is not yet part of the" + " OpenPGP standard.\n"); if (!cpr_get_answer_is_yes("experimental_curve.override", "Use this curve anyway? (y/N) ") ) diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 4b1c219..17d1911 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -58,14 +58,17 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \ privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \ privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ - privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc + privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc \ + privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/ecc-sample-2-pub.asc \ samplekeys/ecc-sample-3-pub.asc \ samplekeys/ecc-sample-1-sec.asc \ samplekeys/ecc-sample-2-sec.asc \ - samplekeys/ecc-sample-3-sec.asc + samplekeys/ecc-sample-3-sec.asc \ + samplekeys/eddsa-sample-1-pub.asc \ + samplekeys/eddsa-sample-1-sec.asc EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) diff --git a/tests/openpgp/privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc b/tests/openpgp/privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc new file mode 100644 index 0000000..49d4413 --- /dev/null +++ b/tests/openpgp/privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc @@ -0,0 +1,27 @@ +This is the unprotected private key for + +pub ed25519/97965A9A 2014-08-19 + Key fingerprint = C959 BDBA FA32 A2F8 9A15 3B67 8CFD E121 9796 5A9A + Keygrip = 0DD40284FF992CD24DC4AAC367037E066FCEE26A +uid [ unknown] EdDSA sample key 1 (draft-koch-eddsa-for-openpgp-00) + +The human readable version of the armored s-expression below is: + +(private-key + (ecc + (curve Ed25519) + (flags eddsa) + (q #403F098994BDD916ED4053197934E4A87C80733A1280D62F8010992E43EE3B2406#) + (d #1A8B1FF05DED48E18BF50166C664AB023EA70003D78D9E41F5758A91D850F8D2#) + ) + ) + +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWNjKDU6Y3VydmU3OkVkMjU1MTkpKDU6ZmxhZ3M1 +OmVkZHNhKSgxOnEzMzpAPwmJlL3ZFu1AUxl5NOSofIBzOhKA1i+AEJkuQ+47JAYp +KDE6ZDMyOhqLH/Bd7Ujhi/UBZsZkqwI+pwAD142eQfV1ipHYUPjSKSkp +=SS8V +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index b8520c4..c30345f 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -6,3 +6,5 @@ ecc-sample-2-pub.asc A NIST P-384 ECC sample key. ecc-sample-2-sec.asc Ditto, but the secret keyblock. ecc-sample-3-pub.asc A NIST P-521 ECC sample key. ecc-sample-3-sec.asc Ditto, but the secret keyblock. +eddsa-sample-1-pub.asc An Ed25519 sample key. +eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock. diff --git a/tests/openpgp/samplekeys/eddsa-sample-1-pub.asc b/tests/openpgp/samplekeys/eddsa-sample-1-pub.asc new file mode 100644 index 0000000..5a65453 --- /dev/null +++ b/tests/openpgp/samplekeys/eddsa-sample-1-pub.asc @@ -0,0 +1,15 @@ +pub ed25519/97965A9A 2014-08-19 + Key fingerprint = C959 BDBA FA32 A2F8 9A15 3B67 8CFD E121 9796 5A9A + Keygrip = 0DD40284FF992CD24DC4AAC367037E066FCEE26A +uid [ unknown] EdDSA sample key 1 (draft-koch-eddsa-for-openpgp-00) + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mDMEU/NfCxYJKwYBBAHaRw8BAQdAPwmJlL3ZFu1AUxl5NOSofIBzOhKA1i+AEJku +Q+47JAa0NEVkRFNBIHNhbXBsZSBrZXkgMSAoZHJhZnQta29jaC1lZGRzYS1mb3It +b3BlbnBncC0wMCmIeQQTFggAIQUCU/NfCwIbAwULCQgHAgYVCAkKCwIEFgIDAQIe +AQIXgAAKCRCM/eEhl5ZamnNOAP9pKn5wz3jPsgy9p65zxz1+xJEr/cczFQx/tYkk +49tkeAD+P9jJE4SFD2lVofxn1e22H7YLvcVyHDOA9gpYWTNXiAU= +=Jbi7 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/eddsa-sample-1-sec.asc b/tests/openpgp/samplekeys/eddsa-sample-1-sec.asc new file mode 100644 index 0000000..4b5fbcc --- /dev/null +++ b/tests/openpgp/samplekeys/eddsa-sample-1-sec.asc @@ -0,0 +1,19 @@ +sec ed25519/97965A9A 2014-08-19 + Key fingerprint = C959 BDBA FA32 A2F8 9A15 3B67 8CFD E121 9796 5A9A + Keygrip = 0DD40284FF992CD24DC4AAC367037E066FCEE26A +uid [ unknown] EdDSA sample key 1 (draft-koch-eddsa-for-openpgp-00) + +The passphrase is "abc". + +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v2 + +lIYEU/NfCxYJKwYBBAHaRw8BAQdAPwmJlL3ZFu1AUxl5NOSofIBzOhKA1i+AEJku +Q+47JAb+BwMCeZTNZ5R2udDknlhWE5VnJaHe+HFieLlfQA+nibymcJS5lTYL7NP+ +3CY63ylHwHoS7PuPLpdbEvROJ60u6+a/bSe86jRcJODR6rN2iG9v5LQ0RWREU0Eg +c2FtcGxlIGtleSAxIChkcmFmdC1rb2NoLWVkZHNhLWZvci1vcGVucGdwLTAwKYh5 +BBMWCAAhBQJT818LAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEIz94SGX +llqac04A/2kqfnDPeM+yDL2nrnPHPX7EkSv9xzMVDH+1iSTj22R4AP4/2MkThIUP +aVWh/GfV7bYftgu9xXIcM4D2ClhZM1eIBQ== +=+9EF +-----END PGP PRIVATE KEY BLOCK----- ----------------------------------------------------------------------- Summary of changes: common/openpgpdefs.h | 4 +-- g10/keygen.c | 8 ++---- tests/openpgp/Makefile.am | 7 +++-- .../0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc | 27 ++++++++++++++++++++ tests/openpgp/samplekeys/README | 2 ++ tests/openpgp/samplekeys/eddsa-sample-1-pub.asc | 15 +++++++++++ tests/openpgp/samplekeys/eddsa-sample-1-sec.asc | 19 ++++++++++++++ 7 files changed, 72 insertions(+), 10 deletions(-) create mode 100644 tests/openpgp/privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc create mode 100644 tests/openpgp/samplekeys/eddsa-sample-1-pub.asc create mode 100644 tests/openpgp/samplekeys/eddsa-sample-1-sec.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 12 12:12:18 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 12 Sep 2014 12:12:18 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.15-3-gc307e1f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via c307e1f801cd9a25c4a5b9a90073362219d52ee6 (commit) from e1882ee8c541020ec590bf096508ca5b6d2ab944 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c307e1f801cd9a25c4a5b9a90073362219d52ee6 Author: Werner Koch Date: Fri Sep 12 12:03:17 2014 +0200 Fix es_fclose for streams opened with "samethread". * src/estream.c (destroy_stream_lock): New. (es_create, do_close): Use new wrapper function. diff --git a/src/estream.c b/src/estream.c index d16938e..1bff535 100644 --- a/src/estream.c +++ b/src/estream.c @@ -343,6 +343,18 @@ init_stream_lock (estream_t _GPGRT__RESTRICT stream) static void +destroy_stream_lock (estream_t _GPGRT__RESTRICT stream) +{ + if (!stream->intern->samethread) + { + dbg_lock_1 ("enter destroy_stream_lock for %p\n", stream); + _gpgrt_lock_destroy (&stream->intern->lock); + dbg_lock_1 ("leave destroy_stream_lock for %p\n", stream); + } +} + + +static void lock_stream (estream_t _GPGRT__RESTRICT stream) { if (!stream->intern->samethread) @@ -1821,7 +1833,7 @@ es_create (estream_t *stream, void *cookie, es_syshd_t *syshd, if (stream_new) { es_deinitialize (stream_new); - _gpgrt_lock_destroy (&stream_new->intern->lock); + destroy_stream_lock (stream_new); mem_free (stream_new->intern); mem_free (stream_new); } @@ -1850,7 +1862,7 @@ do_close (estream_t stream, int with_locked_list) stream->intern->onclose = tmp; } err = es_deinitialize (stream); - _gpgrt_lock_destroy (&stream->intern->lock); + destroy_stream_lock (stream); mem_free (stream->intern); mem_free (stream); } ----------------------------------------------------------------------- Summary of changes: src/estream.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sun Sep 14 19:28:35 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 14 Sep 2014 19:28:35 +0200 Subject: [git] gnupg-doc - branch, master, updated. 96c1d83f9b4b74cca4b1304be795ae54424dbc79 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 96c1d83f9b4b74cca4b1304be795ae54424dbc79 (commit) from 3f77c492df0fb50dcecf0b324998cec845569b1d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 96c1d83f9b4b74cca4b1304be795ae54424dbc79 Author: Werner Koch Date: Sun Sep 14 18:27:41 2014 +0200 web: Add imprint page. diff --git a/web/imprint.org b/web/imprint.org new file mode 100644 index 0000000..970e007 --- /dev/null +++ b/web/imprint.org @@ -0,0 +1,23 @@ +#+TITLE: GnuPG - Imprint +#+STARTUP: showall +#+SETUPFILE: "share/setup.inc" + +* Imprint + + GnuPG is an international community project run by volunteers and + not a legal entity. The technical resources are provided by: + + g10 Code GmbH\\ + H?ttenstr. 61\\ + D-40699 Erkrath\\ + Germany + + g10 Code GmbH is registered at Amtsgericht + Wuppertal under HRB 14459.\\ + Gesch?ftsf?hrung: Werner Koch.\\ + VAT-Id: DE215605608.\\ + Phone: +49-2104-173855 + + Note that we provide the phone number only for legal reasons. + Please do not call g10^code to ask for free support. For paid + support see their [[https://g10code.com/contact.html][contact page]]. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 520466f..46bc760 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -105,6 +105,9 @@ if not available." ("/privacy-policy.html" "Privacy Policy" ()) + ("/imprint.html" + "Imprint" + ()) ("/misc/index.html" "Archive" ()) ----------------------------------------------------------------------- Summary of changes: web/imprint.org | 23 +++++++++++++++++++++++ web/share/gpgweb.el | 3 +++ 2 files changed, 26 insertions(+) create mode 100644 web/imprint.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 17 15:12:02 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 17 Sep 2014 15:12:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-33-g457bce5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 457bce5cd39146df047e4740162125c32c738789 (commit) from 83c2d2396cc9fa6bdd887a560830fc0f48b01b08 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 457bce5cd39146df047e4740162125c32c738789 Author: Werner Koch Date: Wed Sep 17 15:12:08 2014 +0200 gpg: Improve passphrase caching. * agent/cache.c (last_stored_cache_key): New. (agent_get_cache): Allow NULL for KEY. (agent_store_cache_hit): New. * agent/findkey.c (unprotect): Call new function and try to use the last stored key. * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to make_keysig_packet. (gen_standard_revoke): Add arg CACHE_NONCE and pass to create_revocation. * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with cache nonce. -- This patch adds two features: 1. The key for the last passphrase successfully used for unprotecting a key is stored away. On a cache miss the stored away passphrase is tried as well. This helps for the common GPG use case of having a signing and encryption (sub)key with the same passphrase. See the code for more comments. 2. The now auto-generated revocation certificate does not anymore popup a passphrase prompt. Thus for standard key generation the passphrase needs to be given only once (well, two with the confirmation). diff --git a/agent/agent.h b/agent/agent.h index 4ed8c7f..a420bae 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -364,6 +364,7 @@ void agent_flush_cache (void); int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl); char *agent_get_cache (const char *key, cache_mode_t cache_mode); +void agent_store_cache_hit (const char *key); /*-- pksign.c --*/ diff --git a/agent/cache.c b/agent/cache.c index d4deaeb..49402e4 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -65,6 +65,9 @@ struct cache_item_s { /* The cache himself. */ static ITEM thecache; +/* NULL or the last cache key stored by agent_store_cache_hit. */ +static char *last_stored_cache_key; + /* This function must be called once to initialize this module. It has to be done before a second thread is spawned. */ @@ -388,12 +391,24 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) ITEM r; char *value = NULL; int res; + int last_stored = 0; if (cache_mode == CACHE_MODE_IGNORE) return NULL; + if (!key) + { + key = last_stored_cache_key; + if (!key) + return NULL; + last_stored = 1; + } + + if (DBG_CACHE) - log_debug ("agent_get_cache '%s' (mode %d) ...\n", key, cache_mode); + log_debug ("agent_get_cache '%s' (mode %d)%s ...\n", + key, cache_mode, + last_stored? " (stored cache key)":""); housekeeping (); for (r=thecache; r; r = r->next) @@ -404,6 +419,7 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) { + /* Note: To avoid races KEY may not be accessed anymore below. */ r->accessed = gnupg_get_time (); if (DBG_CACHE) log_debug ("... hit\n"); @@ -442,3 +458,14 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) return NULL; } + + +/* Store the key for the last successful cache hit. That value is + used by agent_get_cache if the requested KEY is given as NULL. + NULL may be used to remove that key. */ +void +agent_store_cache_hit (const char *key) +{ + xfree (last_stored_cache_key); + last_stored_cache_key = key? xtrystrdup (key) : NULL; +} diff --git a/agent/findkey.c b/agent/findkey.c index 5ff263e..fbe3031 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -372,6 +372,8 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen); if (!rc) { + if (cache_mode == CACHE_MODE_NORMAL) + agent_store_cache_hit (hexgrip); if (r_passphrase) *r_passphrase = pw; else @@ -383,6 +385,45 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, xfree (pw); rc = 0; } + else if (cache_mode == CACHE_MODE_NORMAL) + { + /* The standard use of GPG keys is to have a signing and an + encryption subkey. Commonly both use the same + passphrase. We try to help the user to enter the + passphrase only once by silently trying the last + correctly entered passphrase. Checking one additional + passphrase should be acceptable; despite the S2K + introduced delays. The assumed workflow is: + + 1. Read encrypted message in a MUA and thus enter a + passphrase for the encryption subkey. + + 2. Reply to that mail with an encrypted and signed + mail, thus entering the passphrase for the signing + subkey. + + We can often avoid the passphrase entry in the second + step. We do this only in normal mode, so not to + interfere with unrelated cache entries. */ + pw = agent_get_cache (NULL, cache_mode); + if (pw) + { + rc = agent_unprotect (ctrl, *keybuf, pw, NULL, + &result, &resultlen); + if (!rc) + { + if (r_passphrase) + *r_passphrase = pw; + else + xfree (pw); + xfree (*keybuf); + *keybuf = result; + return 0; + } + xfree (pw); + rc = 0; + } + } /* If the pinentry is currently in use, we wait up to 60 seconds for it to close and check the cache again. This solves a common @@ -460,6 +501,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, { agent_put_cache (hexgrip, cache_mode, pi->pin, lookup_ttl? lookup_ttl (hexgrip) : 0); + agent_store_cache_hit (hexgrip); if (r_passphrase && *pi->pin) *r_passphrase = xtrystrdup (pi->pin); } diff --git a/g10/keygen.c b/g10/keygen.c index 92337bb..4ae34bf 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4115,7 +4115,7 @@ do_generate_keypair (struct para_data_s *para, update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) | TRUST_ULTIMATE )); - gen_standard_revoke (pk); + gen_standard_revoke (pk, cache_nonce); if (!opt.batch) { diff --git a/g10/main.h b/g10/main.h index 4eb1b5f..44c4478 100644 --- a/g10/main.h +++ b/g10/main.h @@ -333,7 +333,7 @@ int enarmor_file( const char *fname ); /*-- revoke.c --*/ struct revocation_reason_info; -int gen_standard_revoke (PKT_public_key *psk); +int gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce); int gen_revoke( const char *uname ); int gen_desig_revoke( const char *uname, strlist_t locusr); int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); diff --git a/g10/revoke.c b/g10/revoke.c index 67f62e5..019c62c 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -443,7 +443,8 @@ create_revocation (const char *filename, struct revocation_reason_info *reason, PKT_public_key *psk, kbnode_t keyblock, - const char *leadintext, int suffix) + const char *leadintext, int suffix, + const char *cache_nonce) { int rc; iobuf_t out = NULL; @@ -466,7 +467,7 @@ create_revocation (const char *filename, rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0, opt.force_v4_certs? 4:0, 0, 0, - revocation_reason_build_cb, reason, NULL); + revocation_reason_build_cb, reason, cache_nonce); if (rc) { log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc)); @@ -511,9 +512,10 @@ create_revocation (const char *filename, by gpg's interactive key generation function. The certificate is stored at a dedicated place in a slightly modified form to avoid an accidental import. PSK is the primary key; a corresponding secret - key must be available. */ + key must be available. CACHE_NONCE is optional but can be used to + help gpg-agent to avoid an extra passphrase prompt. */ int -gen_standard_revoke (PKT_public_key *psk) +gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) { int rc; estream_t memfp; @@ -573,7 +575,7 @@ gen_standard_revoke (PKT_public_key *psk) reason.code = 0x00; /* No particular reason. */ reason.desc = NULL; - rc = create_revocation (fname, &reason, psk, NULL, leadin, 3); + rc = create_revocation (fname, &reason, psk, NULL, leadin, 3, cache_nonce); xfree (leadin); xfree (fname); @@ -662,7 +664,7 @@ gen_revoke (const char *uname) if (!opt.armor) tty_printf (_("ASCII armored output forced.\n")); - rc = create_revocation (NULL, reason, psk, keyblock, NULL, 0); + rc = create_revocation (NULL, reason, psk, keyblock, NULL, 0, NULL); if (rc) goto leave; ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 1 + agent/cache.c | 29 ++++++++++++++++++++++++++++- agent/findkey.c | 42 ++++++++++++++++++++++++++++++++++++++++++ g10/keygen.c | 2 +- g10/main.h | 2 +- g10/revoke.c | 14 ++++++++------ 6 files changed, 81 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 17 22:17:08 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 17 Sep 2014 22:17:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-36-g36125f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 36125f9c30f7d004f1e4552840211553ef6892f2 (commit) via 3baf7a1652ef2e48088f22fd636769c5ce080c24 (commit) from ae3d1bbb65b65cf3c57bb14886be120f5e31635d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 36125f9c30f7d004f1e4552840211553ef6892f2 Author: Werner Koch Date: Wed Sep 17 21:33:32 2014 +0200 speedo: Improve speedo Makefile. -- Building for the native platform is now a mere make -f build-aux/speedo.mk native You may also use "help" as target. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index f81a835..ae84d66 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -45,6 +45,60 @@ # We need to know our own name. SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST))) +.PHONY : help native native-gui w32-installer w32-source +.PHONY : git-native git-native-gui git-w32-installer git-w32-source +.PHONY : this-native this-native-gui this-w32-installer this-w32-source + +help: + @echo 'usage: make -f speedo.mk TARGET' + @echo ' with TARGET being one of:' + @echo ' help This help' + @echo ' native Native build of the GnuPG core' + @echo ' native-gui Ditto but with pinentry and GPA' + @echo ' w32-installer Build a Windows installer' + @echo ' w32-source Pack a source archive' + @echo + @echo 'Prepend TARGET with "git-" to build from GIT repos' + @echo 'Prepend TARGET with "this-" to build from the source tarball' + +SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1 + +native: + $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=0 all + +git-native: + $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=0 all + +this-native: + $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=0 all + +native-gui: + $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=1 all + +git-native-gui: + $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=1 all + +this-native-gui: + $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=1 all + +w32-installer: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 installer + +git-w32-installer: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 installer + +this-w32-installer: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=1 installer + +w32-source: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 dist-source + +git-w32-source: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source + +this-w32-source: + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source + # Set this to "git" to build from git, # to "release" from tarballs, @@ -54,6 +108,12 @@ WHAT=git # Set target to "native" or "w32" TARGETOS=w32 +# Set to 1 to build the GUI tools +WITH_GUI=0 + +# Set to 1 to really download the swdb. +UPD_SWDB=0 + # Set to the location of the directory with tarballs of # external packages. TARBALLS=$(shell pwd)/../tarballs @@ -108,8 +168,11 @@ speedo_spkgs += \ gdk-pixbuf atk pixman cairo pango gtk+ endif + +ifeq ($(WITH_GUI),1) speedo_spkgs += \ pinentry gpa +endif ifeq ($(TARGETOS),w32) speedo_spkgs += \ @@ -134,6 +197,7 @@ speedo_make_only_style = \ zlib # Get the content of the software DB. +ifeq ($(UPD_SWDB),1) SWDB := $(shell $(topsrc)/build-aux/getswdb.sh && echo okay) ifeq ($(strip $(SWDB)),) $(error Error getting GnuPG software version database) @@ -141,15 +205,33 @@ endif # Version numbers of the released packages gnupg_ver = $(shell cat $(topsrc)/VERSION) -libgpg_error_ver = $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst) -npth_ver = $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst) -libgcrypt_ver = $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst) -libassuan_ver = $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst) -libksba_ver = $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst) -gpgme_ver = $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst) -pinentry_ver = $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst) -gpa_ver = $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst) -gpgex_ver = $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst) + +libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst) +libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst) + +npth_ver := $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst) +npth_sha1 := $(shell awk '$$1=="npth_sha1" {print $$2}' swdb.lst) + +libgcrypt_ver := $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst) +libgcrypt_sha1 := $(shell awk '$$1=="libgcrypt_sha1" {print $$2}' swdb.lst) + +libassuan_ver := $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst) +libassuan_sha1 := $(shell awk '$$1=="libassuan_sha1" {print $$2}' swdb.lst) + +libksba_ver := $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst) +libksba_sha1 := $(shell awk '$$1=="libksba_sha1" {print $$2}' swdb.lst) + +gpgme_ver := $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst) +gpgme_sha1 := $(shell awk '$$1=="gpgme_sha1" {print $$2}' swdb.lst) + +pinentry_ver := $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst) +pinentry_sha1 := $(shell awk '$$1=="pinentry_sha1" {print $$2}' swdb.lst) + +gpa_ver := $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst) +gpa_sha1 := $(shell awk '$$1=="gpa_sha1" {print $$2}' swdb.lst) + +gpgex_ver := $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst) +gpgex_sha1 := $(shell awk '$$1=="gpgex_sha1" {print $$2}' swdb.lst) $(info Information from the version database) $(info GnuPG ..........: $(gnupg_ver)) @@ -161,7 +243,7 @@ $(info GPGME ..........: $(gpgme_ver)) $(info Pinentry .......: $(pinentry_ver)) $(info GPA ............: $(gpa_ver)) $(info GpgEX.... ......: $(gpgex_ver)) - +endif # Version number for external packages pkg_config_ver = 0.23 @@ -324,6 +406,7 @@ speedo_pkg_w64_gpgex_configure = \ # External packages # +ifeq ($(TARGETOS),w32) speedo_pkg_zlib_make_args = \ -fwin32/Makefile.gcc PREFIX=$(host)- IMPLIB=libz.dll.a @@ -353,6 +436,9 @@ echo "dlpreopen=''" >> lib/libz.la; \ echo "libdir=\"$(idir)/lib\"" >> lib/libz.la) endef +endif + + speedo_pkg_w64_libiconv_configure = \ --enable-shared=no --enable-static=yes @@ -370,7 +456,7 @@ speedo_pkg_gettext_make_dir = gettext-runtime speedo_pkg_glib_configure = \ --disable-modular-tests \ - --with-lib-prefix=$(idir) --with-libiconv-prefix=$(idir) \ + --with-libiconv=gnu \ CPPFLAGS=-I$(idir)/include \ LDFLAGS=-L$(idir)/lib \ CCC=$(host)-g++ \ @@ -380,19 +466,36 @@ ifeq ($(TARGETOS),w32) speedo_pkg_glib_extracflags = -march=i486 endif +ifeq ($(TARGETOS),w32) speedo_pkg_libpng_configure = \ CPPFLAGS=\"-I$(idir)/include -DPNG_BUILD_DLL\" \ LDFLAGS=\"-L$(idir)/lib\" LIBPNG_DEFINES=\"-DPNG_BUILD_DLL\" +else +speedo_pkg_libpng_configure = \ + CPPFLAGS=\"-I$(idir)/include\" \ + LDFLAGS=\"-L$(idir)/lib\" +endif + +ifneq ($(TARGETOS),w32) +speedo_pkg_gdk_pixbuf_configure = --without-libtiff --without-libjpeg +endif speedo_pkg_pixman_configure = \ CPPFLAGS=-I$(idir)/include \ LDFLAGS=-L$(idir)/lib +ifeq ($(TARGETOS),w32) speedo_pkg_cairo_configure = \ --disable-qt --disable-ft --disable-fc \ --enable-win32 --enable-win32-font \ CPPFLAGS=-I$(idir)/include \ LDFLAGS=-L$(idir)/lib +else +speedo_pkg_cairo_configure = \ + --disable-qt \ + CPPFLAGS=-I$(idir)/include \ + LDFLAGS=-L$(idir)/lib +endif speedo_pkg_pango_configure = \ --disable-gtk-doc \ @@ -490,60 +593,76 @@ endef # Set a couple of common variables. define SETVARS - pkg="$(1)"; \ - git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ - gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ - tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ - pkgsdir="$(sdir)/$(1)"; \ - if [ "$(1)" = "gnupg" ]; then \ - git=''; \ - gitref=''; \ - tar=''; \ + pkg="$(1)"; \ + git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ + gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ + tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ + sha1="$(call GETVAR,$(1)_sha1)"; \ + pkgsdir="$(sdir)/$(1)"; \ + if [ "$(1)" = "gnupg" ]; then \ + git=''; \ + gitref=''; \ + tar=''; \ pkgsdir="$(topsrc)"; \ fi; \ - pkgbdir="$(bdir)/$(1)"; \ - pkgcfg="$(call GETVAR,speedo_pkg_$(1)_configure)"; \ - pkgextracflags="$(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ - pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ - pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ - pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ - export PKG_CONFIG="/usr/bin/pkg-config"; \ - export PKG_CONFIG_PATH="$(idir)/lib/pkgconfig"; \ - export PKG_CONFIG_LIBDIR=""; \ - export SYSROOT="$(idir)"; \ - export PATH="$(idir)/bin:$${PATH}"; \ - export LD_LIBRARY_PATH="$(idir)/lib:$${LD_LIBRARY_PATH}" + pkgbdir="$(bdir)/$(1)"; \ + pkgcfg="$(call GETVAR,speedo_pkg_$(1)_configure)"; \ + tmp="$(speedo_w32_cflags) \ + $(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ + if [ x$$$$(echo "$$$$tmp" | tr -d '[:space:]')x != xx ]; then \ + pkgextracflags="CFLAGS=\"$$$$tmp\""; \ + else \ + pkgextracflags=; \ + fi; \ + pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ + pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ + pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ + pkgmkargs_uninst="$(call GETVAR,speedo_pkg_$(1)_make_args_uninst)"; \ + export PKG_CONFIG="/usr/bin/pkg-config"; \ + export PKG_CONFIG_PATH="$(idir)/lib/pkgconfig"; \ + [ "$(TARGETOS)" != native ] && export PKG_CONFIG_LIBDIR=""; \ + export SYSROOT="$(idir)"; \ + export PATH="$(idir)/bin:$${PATH}"; \ + export LD_LIBRARY_PATH="$(idir)/lib:$${LD_LIBRARY_PATH}" endef define SETVARS_W64 - pkg="$(1)"; \ - git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ - gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ - tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ - pkgsdir="$(sdir)/$(1)"; \ - if [ "$(1)" = "gnupg" ]; then \ - git=''; \ - gitref=''; \ - tar=''; \ + pkg="$(1)"; \ + git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ + gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ + tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ + sha1="$(call GETVAR,$(1)_sha1)"; \ + pkgsdir="$(sdir)/$(1)"; \ + if [ "$(1)" = "gnupg" ]; then \ + git=''; \ + gitref=''; \ + tar=''; \ pkgsdir="$(topsrc)"; \ fi; \ - pkgbdir="$(bdir6)/$(1)"; \ - pkgcfg="$(call GETVAR,speedo_pkg_w64_$(1)_configure)"; \ - pkgextracflags="$(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ - pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ - pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ - pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ - export PKG_CONFIG="/usr/bin/pkg-config"; \ - export PKG_CONFIG_PATH="$(idir6)/lib/pkgconfig"; \ - export PKG_CONFIG_LIBDIR=""; \ - export SYSROOT="$(idir6)"; \ - export PATH="$(idir6)/bin:$${PATH}"; \ - export LD_LIBRARY_PATH="$(idir6)/lib:$${LD_LIBRARY_PATH}" + pkgbdir="$(bdir6)/$(1)"; \ + pkgcfg="$(call GETVAR,speedo_pkg_w64_$(1)_configure)"; \ + tmp="$(speedo_w32_cflags) \ + $(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ + if [ x$$$$(echo "$$$$tmp" | tr -d '[:space:]')x != xx ]; then \ + pkgextracflags="CFLAGS=\"$$$$tmp\""; \ + else \ + pkgextracflags=; \ + fi; \ + pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ + pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ + pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ + pkgmkargs_uninst="$(call GETVAR,speedo_pkg_$(1)_make_args_uninst)"; \ + export PKG_CONFIG="/usr/bin/pkg-config"; \ + export PKG_CONFIG_PATH="$(idir6)/lib/pkgconfig"; \ + [ "$(TARGETOS)" != native ] && export PKG_CONFIG_LIBDIR=""; \ + export SYSROOT="$(idir6)"; \ + export PATH="$(idir6)/bin:$${PATH}"; \ + export LD_LIBRARY_PATH="$(idir6)/lib:$${LD_LIBRARY_PATH}" endef # Template for source packages. -# + # Note that the gnupg package is special: The package source dir is # the same as the topsrc dir and thus we need to detect the gnupg # package and cd to that directory. We also test that no in-source build @@ -580,11 +699,27 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories *.xz) opt=J ;; \ *) opt= ;; \ esac; \ + [ -f tmp.tgz ] && rm tmp.tgz; \ case "$$$${tar}" in \ - /*) cmd=cat ;; \ - *) cmd="wget -q -O -" ;; \ + /*) tar x$$$${opt}f - < $$$${tar} ;; \ + *) wget -q -O - $$$${tar} | tee tmp.tgz | tar x$$$${opt}f - ;; \ esac; \ - $$$${cmd} "$$$${tar}" | tar x$$$${opt}f - ; \ + if [ -f tmp.tgz ]; then \ + if [ -n "$$$${sha1}" ]; then \ + tmp=$$$$(sha1sum /dev/null && \ $(MAKE) --no-print-directory \ - $$$${pkgmkargs_inst} uninstall V=0 ) || true ;\ + $$$${pkgmkargs_uninst} uninstall V=0 ) || true;\ if [ "$(1)" = "gnupg" ]; then \ rm -fR "$$$${pkgbdir}" || true ;\ else \ @@ -851,7 +983,7 @@ w32_insthelpers: $(bdir)/g4wihelp.dll $(bdir)/inst-options.ini: $(w32src)/inst-options.ini cat $(w32src)/inst-options.ini >$(bdir)/inst-options.ini -installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt +installer: all w32_insthelpers $(w32dir)/inst-options.ini $(bdir)/README.txt $(MAKENSIS) -V2 \ -DINST_DIR=$(idir) \ -DINST6_DIR=$(idir6) \ @@ -868,5 +1000,5 @@ installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt # # Mark phony targets # -.PHONY: all-speedo report-speedo clean-stamps clean-speedo installer \ +.PHONY: all all-speedo report-speedo clean-stamps clean-speedo installer \ w32_insthelpers diff --git a/build-aux/speedo/patches/libiconv-1.14.patch b/build-aux/speedo/patches/libiconv-1.14.patch new file mode 100755 index 0000000..5e60689 --- /dev/null +++ b/build-aux/speedo/patches/libiconv-1.14.patch @@ -0,0 +1,19 @@ +#! /bin/sh +patch -p0 -l -f $* < $0 +exit $? + +On some systems the gets macro has been removed and thus the test +leads to an unresolved symbol error. + +--- srclib/stdio.in.h~ 2011-08-07 15:42:06.000000000 +0200 ++++ srclib/stdio.in.h 2014-09-04 13:07:07.079024312 +0200 +@@ -691,11 +691,6 @@ + _GL_CXXALIAS_SYS (gets, char *, (char *s)); + # undef gets + # endif +-_GL_CXXALIASWARN (gets); +-/* It is very rare that the developer ever has full control of stdin, +- so any use of gets warrants an unconditional warning. Assume it is +- always declared, since it is required by C89. */ +-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); + #endif commit 3baf7a1652ef2e48088f22fd636769c5ce080c24 Author: Werner Koch Date: Wed Sep 17 19:31:27 2014 +0200 po: Auto-update -- diff --git a/po/de.po b/po/de.po index a41433b..8804b24 100644 --- a/po/de.po +++ b/po/de.po @@ -3265,6 +3265,14 @@ msgstr "" "WARNUNG: Keine User-ID ist als prim?r markiert. Dieser Befehl kann\n" "dazu f?hren, da? eine andere User-ID als prim?r angesehen wird.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Sie k?nnen das Verfallsdatum eines v3-Schl?ssels nicht ?ndern\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" diff --git a/po/fr.po b/po/fr.po index 4b0bfd1..11f724a 100644 --- a/po/fr.po +++ b/po/fr.po @@ -3310,6 +3310,14 @@ msgstr "" "commande\n" " risque de rendre une autre identit? principale par d?faut.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Vous ne pouvez pas modifier la date d'expiration d'une clef?v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" diff --git a/po/ja.po b/po/ja.po index 87f5a23..73de77a 100644 --- a/po/ja.po +++ b/po/ja.po @@ -3181,6 +3181,14 @@ msgstr "" "*??*: ??????ID?????????????????\n" " ???ID??????????????????\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "v3??????????????\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" diff --git a/po/uk.po b/po/uk.po index aa4b4df..9a7090e 100644 --- a/po/uk.po +++ b/po/uk.po @@ -3287,6 +3287,14 @@ msgstr "" " ???? ??????? ????? ??????? ???????? ????? ????????????? " "???????????.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "?? ????? ????????? ???? ?????????? ?????? ??? ????? v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 276 +++++++++++++++++++------- build-aux/speedo/patches/libiconv-1.14.patch | 19 ++ po/de.po | 8 + po/fr.po | 8 + po/ja.po | 8 + po/uk.po | 8 + 6 files changed, 255 insertions(+), 72 deletions(-) create mode 100755 build-aux/speedo/patches/libiconv-1.14.patch hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 18 09:39:28 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Sep 2014 09:39:28 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.0-22-g1fb7a2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 1fb7a2ddffcdb94bdd37521f46e69d530afd94f2 (commit) via 447784c718c817ab8036af7d81ce5a6bbb1f1df0 (commit) from 17b7e056530179a3aad2398a2a096f494a22b248 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1fb7a2ddffcdb94bdd37521f46e69d530afd94f2 Author: Werner Koch Date: Thu Sep 18 09:39:41 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 4da0134..7929dd4 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.3.2 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.3.1 (2014-09-18) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index f556319..85311aa 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.10" # bump the version number immediately after the release and do another # commit and push so that the git magic is able to work. See below # for the LT versions. -m4_define(mym4_version, [1.3.1]) +m4_define(mym4_version, [1.3.2]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 447784c718c817ab8036af7d81ce5a6bbb1f1df0 Author: Werner Koch Date: Thu Sep 18 09:31:41 2014 +0200 Release 1.3.1. * configure.ac: Set LT version to C19/A11/R2. diff --git a/AUTHORS b/AUTHORS index 395e93f..e479889 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,4 +1,6 @@ Program: Libksba +Download: ftp://ftp.gnupg.org/gcrypt/libksba/ +Repository: git://git.gnupg.org/libksba.git Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: diff --git a/NEWS b/NEWS index d8bf107..4da0134 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ -Noteworthy changes in version 1.3.1 (unreleased) +Noteworthy changes in version 1.3.1 (2014-09-18) ------------------------------------------------ + * Fixed memory leak in CRL parsing. + + * Build fixes for Windows, Android, and ppc64el. + Noteworthy changes in version 1.3.0 (2012-09-27) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 372c20c..f556319 100644 --- a/configure.ac +++ b/configure.ac @@ -52,7 +52,7 @@ AC_INIT([libksba],[mym4_full_version],[http://bugs.gnupg.org]) # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=1 +LIBKSBA_LT_REVISION=2 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 ++ NEWS | 10 +++++++++- configure.ac | 4 ++-- 3 files changed, 13 insertions(+), 3 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 18 11:39:48 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Sep 2014 11:39:48 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-37-g2f065d7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2f065d7ab6c514013eb8504281f50284764c26ec (commit) from 36125f9c30f7d004f1e4552840211553ef6892f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2f065d7ab6c514013eb8504281f50284764c26ec Author: Werner Koch Date: Thu Sep 18 11:08:45 2014 +0200 speedo: Various fixes * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor other fixes. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index ae84d66..3c7ce72 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -148,7 +148,7 @@ speedo_spkgs = \ ifeq ($(TARGETOS),w32) speedo_spkgs += \ - zlib libiconv gettext + zlib bzip2 libiconv gettext endif speedo_spkgs += \ @@ -194,7 +194,7 @@ speedo_gnupg_style = \ # Packages which use only make and no build directory speedo_make_only_style = \ - zlib + zlib bzip2 # Get the content of the software DB. ifeq ($(UPD_SWDB),1) @@ -233,12 +233,20 @@ gpa_sha1 := $(shell awk '$$1=="gpa_sha1" {print $$2}' swdb.lst) gpgex_ver := $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst) gpgex_sha1 := $(shell awk '$$1=="gpgex_sha1" {print $$2}' swdb.lst) +zlib_ver := $(shell awk '$$1=="zlib_ver" {print $$2}' swdb.lst) +zlib_sha1 := $(shell awk '$$1=="zlib_sha1_gz" {print $$2}' swdb.lst) + +bzip2_ver := $(shell awk '$$1=="bzip2_ver" {print $$2}' swdb.lst) +bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst) + $(info Information from the version database) $(info GnuPG ..........: $(gnupg_ver)) $(info Libgpg-error ...: $(libgpg_error_ver)) $(info Npth ...........: $(npth_ver)) $(info Libgcrypt ......: $(libgcrypt_ver)) $(info Libassuan ......: $(libassuan_ver)) +$(info Zlib ...........: $(zlib_ver)) +$(info Bzip2 ..........: $(bzip2_ver)) $(info GPGME ..........: $(gpgme_ver)) $(info Pinentry .......: $(pinentry_ver)) $(info GPA ............: $(gpa_ver)) @@ -267,6 +275,7 @@ gitrep = ${HOME}/s # The tarball directories pkgrep = ftp://ftp.gnupg.org/gcrypt +pkg10rep = ftp://ftp.g10code.com/g10code pkg2rep = $(TARBALLS) # For each package, the following variables can be defined: @@ -329,13 +338,14 @@ else ifeq ($(WHAT),release) speedo_pkg_gpa_tar = \ $(pkgrep)/gpa/gpa-$(gpa_ver).tar.bz2 speedo_pkg_gpgex_tar = \ - $(pkgrep)/gpex/gpgex-$(gpa_ver).tar.bz2 + $(pkg10rep)/gpgex/gpgex-$(gpgex_ver).tar.bz2 else $(error invalid value for WHAT (use on of: git release this)) endif speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz -speedo_pkg_zlib_tar = $(pkg2rep)/zlib-$(zlib_ver).tar.gz +speedo_pkg_zlib_tar = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz +speedo_pkg_bzip2_tar = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz speedo_pkg_libiconv_tar = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz speedo_pkg_libffi_tar = $(pkg2rep)/libffi-$(libffi_ver).tar.gz @@ -438,6 +448,13 @@ endef endif +ifeq ($(TARGETOS),w32) +speedo_pkg_bzip2_make_args = \ + CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib" + +speedo_pkg_bzip2_make_args_inst = \ + PREFIX=$(idir) CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib" +endif speedo_pkg_w64_libiconv_configure = \ --enable-shared=no --enable-static=yes @@ -817,7 +834,7 @@ else @($(call SETVARS,$(1)); \ cd "$$$${pkgbdir}"; \ test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \ - $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=1) + $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=0) endif @touch $(stampdir)/stamp-$(1)-02-make @@ -832,7 +849,7 @@ else @($(call SETVARS_W64,$(1)); \ cd "$$$${pkgbdir}"; \ test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \ - $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=1) + $(MAKE) --no-print-directory $(speedo_makeopt) $$$${pkgmkargs} V=0) endif @touch $(stampdir)/stamp-w64-$(1)-02-make @@ -844,7 +861,7 @@ ifneq ($(findstring $(1),$(speedo_make_only_style)),) @($(call SETVARS,$(1)); \ cd "$$$${pkgsdir}"; \ test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \ - $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=1;\ + $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=0;\ $(call speedo_pkg_$(call FROB_macro,$(1))_post_install)) else @($(call SETVARS,$(1)); \ @@ -861,7 +878,7 @@ ifneq ($(findstring $(1),$(speedo_make_only_style)),) @($(call SETVARS_W64,$(1)); \ cd "$$$${pkgsdir}"; \ test -n "$$$${pkgmkdir}" && cd "$$$${pkgmkdir}"; \ - $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=1;\ + $(MAKE) --no-print-directory $$$${pkgmkargs_inst} install V=0;\ $(call speedo_pkg_$(call FROB_macro,$(1))_post_install)) else @($(call SETVARS_W64,$(1)); \ @@ -983,7 +1000,7 @@ w32_insthelpers: $(bdir)/g4wihelp.dll $(bdir)/inst-options.ini: $(w32src)/inst-options.ini cat $(w32src)/inst-options.ini >$(bdir)/inst-options.ini -installer: all w32_insthelpers $(w32dir)/inst-options.ini $(bdir)/README.txt +installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt $(MAKENSIS) -V2 \ -DINST_DIR=$(idir) \ -DINST6_DIR=$(idir6) \ diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 3c76c73..707b058 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -52,19 +52,19 @@ !define ABOUT_ENGLISH \ "GnuPG is the mostly used software for mail and data encryption. \ - It can be used to encrypt data and to create digital signatures. \ - It includes an advanced key management facility and is compliant \ - with the proposed OpenPGP Internet standard as described in RFC-4880. \ + GnuPG can be used to encrypt data and to create digital signatures. \ + GnuPG includes an advanced key management facility and is compliant \ + with the OpenPGP Internet standard as described in RFC-4880. \ \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nThis is GnuPG version ${VERSION}\r\n\ - file version ${PROD_VERSION}\r\n\ - release date ${BUILD_ISODATE}" + \r\n\r\n\r\n\r\n\r\nThis is GnuPG version ${VERSION}.\r\n\ + File version: ${PROD_VERSION}\r\n\ + Release date: ${BUILD_ISODATE}" !define ABOUT_GERMAN \ "GnuPG is die h?ufigst verwendete Software zur Mail- und Datenverschl?sselung.\ \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nDies ist GnuPG Version ${VERSION}\r\n\ - Dateiversion ${PROD_VERSION}\r\n\ - Releasedatum ${BUILD_ISODATE}" + \r\n\r\n\r\n\r\n\r\nDies ist GnuPG Version ${VERSION}.\r\n\ + Dateiversion: ${PROD_VERSION}\r\n\ + Releasedatum: ${BUILD_ISODATE}" # The copyright license of the package. Define only one of these. ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 35 ++++++++++++++++++++++++++--------- build-aux/speedo/w32/inst.nsi | 18 +++++++++--------- 2 files changed, 35 insertions(+), 18 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 18 13:18:24 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Sep 2014 13:18:24 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-1-ga39ffed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via a39ffed155b14865a1ea00f9b2f19e601874044c (commit) via 8f3187fe56cb8e535e3ceff75fdd4e128070af57 (commit) via b410265df175ed11948ed81e5385b1770443b221 (commit) via cc4b0caa57a595a3727e51e061c519232f7bdb05 (commit) from c307e1f801cd9a25c4a5b9a90073362219d52ee6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a39ffed155b14865a1ea00f9b2f19e601874044c Author: Werner Koch Date: Thu Sep 18 13:18:35 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index bb9cba2..4f754a2 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.17 (unreleased) [C12/A12/R_] +----------------------------------------------- + + Noteworthy changes in version 1.16 (2014-09-18) [C12/A12/R2] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index 71ef4a1..b32b751 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.11" # another commit, and a push so that the git magic is able to work. # See below for the LT versions. m4_define([mym4_version_major], [1]) -m4_define([mym4_version_minor], [16]) +m4_define([mym4_version_minor], [17]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 8f3187fe56cb8e535e3ceff75fdd4e128070af57 Author: Werner Koch Date: Thu Sep 18 13:05:34 2014 +0200 Release 1.16. * configure.ac: Set LT version to C12/A12/R2. diff --git a/NEWS b/NEWS index 94e1290..bb9cba2 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ -Noteworthy changes in version 1.16 (unreleased) [C__/A__/R_] +Noteworthy changes in version 1.16 (2014-09-18) [C12/A12/R2] ----------------------------------------------- + * Support building for iOS. + + * Fixed a prototype mismatch. + + * Fix es_fclose for streams opened with "samethread". + Noteworthy changes in version 1.15 (2014-09-11) [C12/A12/R1] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index d2964f2..71ef4a1 100644 --- a/configure.ac +++ b/configure.ac @@ -53,7 +53,7 @@ AC_INIT([libgpg-error],[mym4_full_version],[http://bugs.gnupg.org]) # Note that added error codes don't constitute an interface change. LIBGPG_ERROR_LT_CURRENT=12 LIBGPG_ERROR_LT_AGE=12 -LIBGPG_ERROR_LT_REVISION=1 +LIBGPG_ERROR_LT_REVISION=2 ################################################ AC_SUBST(LIBGPG_ERROR_LT_CURRENT) commit b410265df175ed11948ed81e5385b1770443b221 Author: Werner Koch Date: Thu Sep 18 13:02:15 2014 +0200 doc updates and type fixes. -- diff --git a/doc/errorref.txt b/doc/errorref.txt index 8a96673..f4ff673 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt @@ -231,7 +231,13 @@ GPG_ERR_MISSING_CERT Missing certificate 67 GPG_ERR_TOO_LARGE Provided object is too large 68 GPG_ERR_NO_OBJ Missing item in object 69 GPG_ERR_NOT_IMPLEMENTED Not implemented -70 GPG_ERR_CONFLICT Conflicting use + +GPG_ERR_CONFLICT Conflicting use + + NTBTLS: - Function has already been called and may not be called + again at this protocol state. + + 71 GPG_ERR_INV_CIPHER_MODE Invalid cipher mode 72 GPG_ERR_INV_FLAG Invalid flag 73 GPG_ERR_INV_HANDLE Invalid handle @@ -395,7 +401,15 @@ GPG_ERR_UNSUPPORTED_ENCODING Unsupported encoding 153 GPG_ERR_KEY_EXPIRED Key expired 154 GPG_ERR_SIG_EXPIRED Signature expired 155 GPG_ERR_ENCODING_PROBLEM Encoding problem -156 GPG_ERR_INV_STATE Invalid state + +GPG_ERR_INV_STATE Invalid state + + The state (of a protocol) is not possible or not defined at all. + + NTBTLS: - Data received in an unexpected state. + + + 157 GPG_ERR_DUP_VALUE Duplicated value GPG_ERR_MISSING_ACTION Missing action diff --git a/src/estream.c b/src/estream.c index 1bff535..46be363 100644 --- a/src/estream.c +++ b/src/estream.c @@ -1749,7 +1749,7 @@ init_stream_obj (estream_t stream, reading mode. This is required in case we are working on a stream which is not seeekable (like stdout). Without this pre-initialization we would do a seek at the first write call and - as this will fail no utput will be delivered. */ + as this will fail no output will be delivered. */ if ((modeflags & O_WRONLY) || (modeflags & O_RDWR) ) stream->flags.writing = 1; else commit cc4b0caa57a595a3727e51e061c519232f7bdb05 Author: Werner Koch Date: Thu Sep 18 12:30:28 2014 +0200 Add new lock-obj-pub for Apple iOS. * src/syscfg/lock-obj-pub.aarch64-apple-darwin.h: New. * src/syscfg/lock-obj-pub.arm-apple-darwin.h: New. -- Created by Chris Ballinger . He also noted: When cross-compiling for arm-apple-darwin and aarch64-apple-darwin I also needed to generate these files, so here they are. I made a little iOS utility to help people generate them in case Apple adds any more architectures in the future: https://github.com/chrisballinger/gen-posix-lock-obj-iOS diff --git a/src/Makefile.am b/src/Makefile.am index a9c0a5a..10810a6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -42,10 +42,12 @@ endif # Distributed lock object definitions for cross compilation. lock_obj_pub = \ syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.aarch64-apple-darwin.h \ syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h \ syscfg/lock-obj-pub.arm-unknown-linux-androideabi.h \ syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h \ syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h \ + syscfg/lock-obj-pub.arm-apple-darwin.h \ syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h \ syscfg/lock-obj-pub.i486-pc-gnu.h \ syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h \ diff --git a/src/syscfg/lock-obj-pub.aarch64-apple-darwin.h b/src/syscfg/lock-obj-pub.aarch64-apple-darwin.h new file mode 100644 index 0000000..3eeadfe --- /dev/null +++ b/src/syscfg/lock-obj-pub.aarch64-apple-darwin.h @@ -0,0 +1,28 @@ +## lock-obj-pub.aarch64-apple-darwin.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[64]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{167,171,170,50,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.arm-apple-darwin.h b/src/syscfg/lock-obj-pub.arm-apple-darwin.h new file mode 100644 index 0000000..4e9f630 --- /dev/null +++ b/src/syscfg/lock-obj-pub.arm-apple-darwin.h @@ -0,0 +1,26 @@ +## lock-obj-pub.arm-apple-darwin.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[44]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{167,171,170,50,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0,0,0,0,0, \ +0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: NEWS | 12 +++++++++- configure.ac | 4 ++-- doc/errorref.txt | 18 +++++++++++++-- src/Makefile.am | 2 ++ src/estream.c | 2 +- src/syscfg/lock-obj-pub.aarch64-apple-darwin.h | 28 ++++++++++++++++++++++++ src/syscfg/lock-obj-pub.arm-apple-darwin.h | 26 ++++++++++++++++++++++ 7 files changed, 86 insertions(+), 6 deletions(-) create mode 100644 src/syscfg/lock-obj-pub.aarch64-apple-darwin.h create mode 100644 src/syscfg/lock-obj-pub.arm-apple-darwin.h hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 18 18:35:20 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 18 Sep 2014 18:35:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta783-52-g34a3e45 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 34a3e458d09453f1714ca935078659f17ebb5733 (commit) via 93f158df381af86036332c4314c2d4a64eab3e62 (commit) via 72a16d80d4505aa0ff509aae41f848bbe42ed129 (commit) via 345a8374f31e637a99e6438e527670cf6845ca05 (commit) via 927db789c19cbe5656ff980841ee37dd3a8989e7 (commit) via cad181b5ece3ab6910575c82c731ce2b47271a09 (commit) via 6e7bcabd781a3ca9ad7dd90d962fb2a239feab4a (commit) via b17e8bbf20239e840763f98d3e62f16efdc82ba3 (commit) via f82a6e0f08725008c5bbf702a5f4c175ea09f01c (commit) via 4f35ef499ac913036b7b69296a62afe8159b90b8 (commit) via ba6f8b3d9ec83b35c4f3839853567491fee2f99c (commit) via 34b2e8c7dcb0edb28f99edbd788d73491334e3c0 (commit) via 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4 (commit) via 327134934d79d141d92170ad3b4a6ef3cb718ee0 (commit) via 0af533abd3c1ebd2cf19371fcb8cd2dcc22d355b (commit) from 2f065d7ab6c514013eb8504281f50284764c26ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 34a3e458d09453f1714ca935078659f17ebb5733 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Post beta release update. -- diff --git a/NEWS b/NEWS index d5aa52e..a700313 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.0-betaNNN (unreleased) +-------------------------------------------------------- + + Noteworthy changes in version 2.1.0-beta834 (2014-09-18) -------------------------------------------------------- diff --git a/autogen.rc b/autogen.rc index 3e0a9e9..f030b94 100644 --- a/autogen.rc +++ b/autogen.rc @@ -42,4 +42,4 @@ esac extra_aclocal_flags="-I gl/m4" -final_info="./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-gpgtar && make" +final_info="./configure --sysconfdir=/etc --enable-maintainer-mode && make" commit 93f158df381af86036332c4314c2d4a64eab3e62 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Release 2.1.0-beta834. diff --git a/AUTHORS b/AUTHORS index 539d24b..a4af1dc 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,7 @@ Program: GnuPG Homepage: https://www.gnupg.org +Download: ftp://ftp.gnupg.org/gcrypt/gnupg/ +Repository: git://git.gnupg.org/gnupg.git Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: diff --git a/NEWS b/NEWS index d6fb1b3..d5aa52e 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,22 @@ -Noteworthy changes in version 2.1.0-betaNNN (unreleased) +Noteworthy changes in version 2.1.0-beta834 (2014-09-18) -------------------------------------------------------- + * gpg: Improved passphrase caching. + + * gpg: Switched to algorithm number 22 for EdDSA. + + * gpg: Removed CAST5 from the default preferences. + + * gpg: Order SHA-1 last in the hash preferences. + + * gpg: Changed default cipher for --symmetric to AES-128. + + * gpg: Fixed export of ECC keys and import of EdDSA keys. + + * dirmngr: Fixed the KS_FETCH command. + + * speedo: Downloads related packages and works for non-Windows. + Noteworthy changes in version 2.1.0-beta783 (2014-08-14) -------------------------------------------------------- diff --git a/README b/README index da4c498..372d84a 100644 --- a/README +++ b/README @@ -85,6 +85,15 @@ You may run to view the default directories used by GnuPG. +To quickly build all required software without installing it, the +Speedo method may be used: + + make -f build-aux/speedo.mk native + +This method downloads all required libraries and does a native build +of GnuPG to PLAY/inst/. GNU make is required and you need to set +LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib. + MIGRATION FROM 1.4 or 2.0 to 2.1 ================================ commit 72a16d80d4505aa0ff509aae41f848bbe42ed129 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 speedo: Distribute needed files. * Makefile.am (EXTRA_DIST): Add speedo stuff. diff --git a/Makefile.am b/Makefile.am index 89e2077..286038e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,11 +23,27 @@ DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar GITLOG_TO_CHANGELOG=gitlog-to-changelog -EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc +EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \ ChangeLog-2011 po/ChangeLog-2011 build-aux/ChangeLog-2011 \ - VERSION build-aux/gitlog-to-changelog \ + VERSION README.GIT build-aux/gitlog-to-changelog \ build-aux/git-log-fix build-aux/git-log-footer \ - build-aux/speedo.mk README.GIT + build-aux/getswdb.sh \ + build-aux/speedo.mk \ + build-aux/speedo/zlib.pc \ + build-aux/speedo/w32 \ + build-aux/speedo/w32/inst-options.ini \ + build-aux/speedo/w32/inst.nsi \ + build-aux/speedo/w32/pkg-copyright.txt \ + build-aux/speedo/w32/g4wihelp.c \ + build-aux/speedo/w32/pango.modules \ + build-aux/speedo/w32/gdk-pixbuf-loaders.cache \ + build-aux/speedo/w32/exdll.h \ + build-aux/speedo/w32/README.txt \ + build-aux/speedo/patches \ + build-aux/speedo/patches/atk-1.32.0.patch \ + build-aux/speedo/patches/libiconv-1.14.patch \ + build-aux/speedo/patches/pango-1.29.4.patch + DISTCLEANFILES = g10defs.h commit 345a8374f31e637a99e6438e527670cf6845ca05 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 build: Enable gpgtar by default. diff --git a/configure.ac b/configure.ac index a522dd2..a2f07cb 100644 --- a/configure.ac +++ b/configure.ac @@ -111,7 +111,7 @@ GNUPG_BUILD_PROGRAM(dirmngr, yes) GNUPG_BUILD_PROGRAM(tools, yes) GNUPG_BUILD_PROGRAM(doc, yes) GNUPG_BUILD_PROGRAM(symcryptrun, no) -GNUPG_BUILD_PROGRAM(gpgtar, no) +GNUPG_BUILD_PROGRAM(gpgtar, yes) AC_SUBST(PACKAGE) AC_SUBST(PACKAGE_GT) commit 927db789c19cbe5656ff980841ee37dd3a8989e7 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 common: Do not build maintainer modules in non-maintainer mode. * common/Makefile.am (module_maint_tests): Use only in maintainer mode. (t_common_cflags): New. diff --git a/common/Makefile.am b/common/Makefile.am index 40fdabd..03bc5eb 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -181,13 +181,21 @@ module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \ if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif + +if MAINTAINER_MODE module_maint_tests = t-helpfile t-b64 t-http +else +module_maint_tests = +endif +t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \ + $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) t_common_ldadd = libcommon.a ../gl/libgnu.a \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(LIBICONV) + # jnlib tests t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src) t_stringhelp_LDADD = $(t_common_ldadd) diff --git a/common/t-http.c b/common/t-http.c index d4c974d..9872f9a 100644 --- a/common/t-http.c +++ b/common/t-http.c @@ -226,7 +226,7 @@ main (int argc, char **argv) } if (argc != 1) { - fprintf (stderr, PGM ": no or roo many URLS given\n"); + fprintf (stderr, PGM ": no or too many URLS given\n"); exit (1); } commit cad181b5ece3ab6910575c82c731ce2b47271a09 Author: Werner Koch Date: Thu Sep 18 15:49:44 2014 +0200 common: Remove superfluous statements. * common/exechelp-posix.c: Remove weak pragmas. * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double const. -- We do not use Pth anymore and thus there is no more need for the weak pragmas. diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 249d38d..1a1ff1b 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -70,15 +70,6 @@ #include "exechelp.h" -/* We have the usual problem here: Some modules are linked against pth - and some are not. However we want to use pth_fork and pth_waitpid - here. Using a weak symbol works but is not portable - we should - provide a an explicit dummy pth module instead of using the - pragma. */ -#pragma weak pth_fork -#pragma weak pth_waitpid - - /* Return the maximum number of currently allowed open file descriptors. Only useful on POSIX systems but returns a value on other systems too. */ diff --git a/common/sexputil.c b/common/sexputil.c index f15b94c..c24facb 100644 --- a/common/sexputil.c +++ b/common/sexputil.c @@ -370,9 +370,9 @@ make_canon_sexp_from_rsa_pk (const void *m_arg, size_t mlen, char mlen_str[35]; char elen_str[35]; unsigned char *keybuf, *p; - const char const part1[] = "(10:public-key(3:rsa(1:n"; - const char const part2[] = ")(1:e"; - const char const part3[] = ")))"; + const char part1[] = "(10:public-key(3:rsa(1:n"; + const char part2[] = ")(1:e"; + const char part3[] = ")))"; /* Remove leading zeroes. */ for (; mlen && !*m; mlen--, m++) commit 6e7bcabd781a3ca9ad7dd90d962fb2a239feab4a Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 g13: Avoid segv after pipe creation failure. * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an early error. (gpg_decrypt_blob): Ditto. diff --git a/g13/call-gpg.c b/g13/call-gpg.c index 316082a..54f6056 100644 --- a/g13/call-gpg.c +++ b/g13/call-gpg.c @@ -332,11 +332,11 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen) { gpg_error_t err; - assuan_context_t ctx; + assuan_context_t ctx = NULL; int outbound_fds[2] = { -1, -1 }; int inbound_fds[2] = { -1, -1 }; - npth_t writer_thread; - npth_t reader_thread; + npth_t writer_thread = (npth_t)0; + npth_t reader_thread = (npth_t)0; gpg_error_t writer_err, reader_err; membuf_t reader_mb; char line[ASSUAN_LINELENGTH]; @@ -475,11 +475,11 @@ gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen) { gpg_error_t err; - assuan_context_t ctx; + assuan_context_t ctx = NULL; int outbound_fds[2] = { -1, -1 }; int inbound_fds[2] = { -1, -1 }; - npth_t writer_thread; - npth_t reader_thread; + npth_t writer_thread = (npth_t)0; + npth_t reader_thread = (npth_t)0; gpg_error_t writer_err, reader_err; membuf_t reader_mb; int ret; commit b17e8bbf20239e840763f98d3e62f16efdc82ba3 Author: Werner Koch Date: Thu Sep 18 15:39:50 2014 +0200 scd: Fix int/short mismatch in format string of app-p15.c * scd/app-p15.c (parse_certid): Use snprintf and cast value. (send_certinfo): Ditto. (send_keypairinfo): Ditto. (do_getattr): Ditto. diff --git a/scd/app-p15.c b/scd/app-p15.c index cc407af..eb074ef 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -494,7 +494,8 @@ parse_certid (app_t app, const char *certid, *r_objidlen = 0; if (app->app_local->home_df) - sprintf (tmpbuf, "P15-%04hX.", (app->app_local->home_df & 0xffff)); + snprintf (tmpbuf, sizeof tmpbuf, + "P15-%04X.", (unsigned int)(app->app_local->home_df & 0xffff)); else strcpy (tmpbuf, "P15."); if (strncmp (certid, tmpbuf, strlen (tmpbuf)) ) @@ -2370,7 +2371,8 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype, p = stpcpy (buf, "P15"); if (app->app_local->home_df) { - sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff)); + snprintf (p, 6, "-%04X", + (unsigned int)(app->app_local->home_df & 0xffff)); p += 5; } p = stpcpy (p, "."); @@ -2461,7 +2463,8 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) p = stpcpy (buf, "P15"); if (app->app_local->home_df) { - sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff)); + snprintf (p, 6, "-%04hX", + (unsigned int)(app->app_local->home_df & 0xffff)); p += 5; } p = stpcpy (p, "."); @@ -2686,7 +2689,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) p = stpcpy (buf, "P15"); if (app->app_local->home_df) { - sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff)); + snprintf (p, 6, "-%04hX", + (unsigned int)(app->app_local->home_df & 0xffff)); p += 5; } p = stpcpy (p, "."); commit f82a6e0f08725008c5bbf702a5f4c175ea09f01c Author: Werner Koch Date: Thu Sep 18 15:32:17 2014 +0200 agent: Init a local variable in the error case. * agent/pksign.c (do_encode_md): Init HASH on error. diff --git a/agent/pksign.c b/agent/pksign.c index 9147b50..0160a11 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -62,13 +62,15 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash, gcry_mpi_t mpi; rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL); - if (! rc) + if (!rc) { rc = gcry_sexp_build (&hash, NULL, "(data (flags raw) (value %m))", mpi); gcry_mpi_release (mpi); } + else + hash = NULL; } commit 4f35ef499ac913036b7b69296a62afe8159b90b8 Author: Werner Koch Date: Thu Sep 18 15:28:40 2014 +0200 agent: Remove left over debug output. * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug output. diff --git a/agent/command-ssh.c b/agent/command-ssh.c index d619324..5427323 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1665,14 +1665,12 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec, if (err) goto out; - gcry_log_debug (" out: len=%zu\n", totallen); err = stream_write_uint32 (stream, totallen); if (err) goto out; for (i = 0; i < DIM(data); i++) { - gcry_log_debughex (" out", data[i], data_n[i]); err = stream_write_data (stream, data[i], data_n[i]); if (err) goto out; commit ba6f8b3d9ec83b35c4f3839853567491fee2f99c Author: Werner Koch Date: Thu Sep 18 15:21:56 2014 +0200 agent: Silence compiler warning for a debug message. * agent/call-pinentry.c (agent_query_dump_state): Use %p for POPUP_TID. diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 2562e51..126d696 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -107,8 +107,8 @@ initialize_module_call_pinentry (void) void agent_query_dump_state (void) { - log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%lx\n", - entry_ctx, (long)assuan_get_pid (entry_ctx), popup_tid); + log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n", + entry_ctx, (long)assuan_get_pid (entry_ctx), (void*)popup_tid); } /* Called to make sure that a popup window owned by the current commit 34b2e8c7dcb0edb28f99edbd788d73491334e3c0 Author: Werner Koch Date: Thu Sep 18 15:17:44 2014 +0200 sm: Silence compiler warnings. * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler warning. diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index 368dc55..3ccd048 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -147,7 +147,6 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream) char *subject_name; membuf_t mb_email, mb_dns, mb_uri, mb_result; char *result = NULL; - int i; const char *s, *s2; int selfsigned; @@ -381,7 +380,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream) goto mem_error; tty_printf (_("These parameters are used:\n")); - for (s=result; (s2 = strchr (s, '\n')); s = s2+1, i++) + for (s=result; (s2 = strchr (s, '\n')); s = s2+1) tty_printf (" %.*s\n", (int)(s2-s), s); tty_printf ("\n"); diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 241e67d..9720b80 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -437,7 +437,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, char numbuf[20]; unsigned char keyparms[100]; int rc = 0; - ksba_sexp_t public; + ksba_sexp_t public = NULL; ksba_sexp_t sigkey = NULL; int seq; size_t erroff, errlen; commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4 Author: Werner Koch Date: Thu Sep 18 15:08:51 2014 +0200 gpg: Silence a compiler warning. * g10/parse-packet.c (enum_sig_subpkt): Replace hack. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index edaa84d..f7b2079 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1428,11 +1428,10 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, if (!pktbuf || reqseq == -1) { - /* return some value different from NULL to indicate that - * there is no critical bit we do not understand. The caller - * will never use the value. Yes I know, it is an ugly hack */ - return reqtype == - SIGSUBPKT_TEST_CRITICAL ? (const byte *) &pktbuf : NULL; + static char dummy[] = "x"; + /* Return a value different from NULL to indicate that + * there is no critical bit we do not understand. */ + return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL; } buffer = pktbuf->data; buflen = pktbuf->len; commit 327134934d79d141d92170ad3b4a6ef3cb718ee0 Author: Werner Koch Date: Thu Sep 18 14:56:39 2014 +0200 gpg: Replace a hash algo test function. * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. -- This is actually not required because as of now the used OpenPGP and Gcrypt hash algorithm numbers are identical. But that might change in the future. This changes the behavior of GnuPG in case it has been build with some algorithms disabled: If those algorithms are available in Libgcrypt, their results will be used printed anyway. diff --git a/g10/gpg.c b/g10/gpg.c index b06e392..a9d248d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4386,18 +4386,18 @@ print_mds( const char *fname, int algo ) gcry_md_enable (md, algo); else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) + if (!gcry_md_test_algo (GCRY_MD_MD5)) gcry_md_enable (md, GCRY_MD_MD5); gcry_md_enable (md, GCRY_MD_SHA1); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + if (!gcry_md_test_algo (GCRY_MD_RMD160)) gcry_md_enable (md, GCRY_MD_RMD160); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + if (!gcry_md_test_algo (GCRY_MD_SHA224)) gcry_md_enable (md, GCRY_MD_SHA224); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + if (!gcry_md_test_algo (GCRY_MD_SHA256)) gcry_md_enable (md, GCRY_MD_SHA256); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + if (!gcry_md_test_algo (GCRY_MD_SHA384)) gcry_md_enable (md, GCRY_MD_SHA384); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + if (!gcry_md_test_algo (GCRY_MD_SHA512)) gcry_md_enable (md, GCRY_MD_SHA512); } @@ -4415,18 +4415,18 @@ print_mds( const char *fname, int algo ) print_hashline (md, algo, fname); else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) + if (!gcry_md_test_algo (GCRY_MD_MD5)) print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_SHA1, fname ); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + if (!gcry_md_test_algo (GCRY_MD_RMD160)) print_hashline( md, GCRY_MD_RMD160, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + if (!gcry_md_test_algo (GCRY_MD_SHA224)) print_hashline (md, GCRY_MD_SHA224, fname); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + if (!gcry_md_test_algo (GCRY_MD_SHA256)) print_hashline( md, GCRY_MD_SHA256, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + if (!gcry_md_test_algo (GCRY_MD_SHA384)) print_hashline ( md, GCRY_MD_SHA384, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + if (!gcry_md_test_algo (GCRY_MD_SHA512)) print_hashline ( md, GCRY_MD_SHA512, fname ); } } @@ -4436,18 +4436,18 @@ print_mds( const char *fname, int algo ) print_hex (md, -algo, fname); else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) + if (!gcry_md_test_algo (GCRY_MD_MD5)) print_hex (md, GCRY_MD_MD5, fname); print_hex (md, GCRY_MD_SHA1, fname ); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + if (!gcry_md_test_algo (GCRY_MD_RMD160)) print_hex (md, GCRY_MD_RMD160, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + if (!gcry_md_test_algo (GCRY_MD_SHA224)) print_hex (md, GCRY_MD_SHA224, fname); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + if (!gcry_md_test_algo (GCRY_MD_SHA256)) print_hex (md, GCRY_MD_SHA256, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + if (!gcry_md_test_algo (GCRY_MD_SHA384)) print_hex (md, GCRY_MD_SHA384, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + if (!gcry_md_test_algo (GCRY_MD_SHA512)) print_hex (md, GCRY_MD_SHA512, fname ); } } commit 0af533abd3c1ebd2cf19371fcb8cd2dcc22d355b Author: Werner Koch Date: Thu Sep 18 14:50:02 2014 +0200 gpg: Re-indent a function. -- diff --git a/g10/gpg.c b/g10/gpg.c index 8d69da0..b06e392 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4349,102 +4349,113 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname ) es_fputs (":\n", es_stdout); } + static void print_mds( const char *fname, int algo ) { - FILE *fp; - char buf[1024]; - size_t n; - gcry_md_hd_t md; + FILE *fp; + char buf[1024]; + size_t n; + gcry_md_hd_t md; - if( !fname ) { - fp = stdin; + if (!fname) + { + fp = stdin; #ifdef HAVE_DOSISH_SYSTEM - setmode ( fileno(fp) , O_BINARY ); + setmode ( fileno(fp) , O_BINARY ); #endif } - else { - fp = fopen( fname, "rb" ); - if (fp && is_secured_file (fileno (fp))) - { - fclose (fp); - fp = NULL; - gpg_err_set_errno (EPERM); - } + else + { + fp = fopen (fname, "rb" ); + if (fp && is_secured_file (fileno (fp))) + { + fclose (fp); + fp = NULL; + gpg_err_set_errno (EPERM); + } } - if( !fp ) { - log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) ); - return; + if (!fp) + { + log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) ); + return; } - gcry_md_open (&md, 0, 0); - if( algo ) - gcry_md_enable (md, algo); - else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) - gcry_md_enable (md, GCRY_MD_MD5); - gcry_md_enable (md, GCRY_MD_SHA1); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) - gcry_md_enable (md, GCRY_MD_RMD160); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) - gcry_md_enable (md, GCRY_MD_SHA224); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) - gcry_md_enable (md, GCRY_MD_SHA256); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) - gcry_md_enable (md, GCRY_MD_SHA384); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) - gcry_md_enable (md, GCRY_MD_SHA512); + gcry_md_open (&md, 0, 0); + if (algo) + gcry_md_enable (md, algo); + else + { + if (!openpgp_md_test_algo (GCRY_MD_MD5)) + gcry_md_enable (md, GCRY_MD_MD5); + gcry_md_enable (md, GCRY_MD_SHA1); + if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + gcry_md_enable (md, GCRY_MD_RMD160); + if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + gcry_md_enable (md, GCRY_MD_SHA224); + if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + gcry_md_enable (md, GCRY_MD_SHA256); + if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + gcry_md_enable (md, GCRY_MD_SHA384); + if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + gcry_md_enable (md, GCRY_MD_SHA512); } - while( (n=fread( buf, 1, DIM(buf), fp )) ) - gcry_md_write (md, buf, n); - if( ferror(fp) ) - log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) ); - else { - gcry_md_final (md); - if ( opt.with_colons ) { - if ( algo ) - print_hashline( md, algo, fname ); - else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) - print_hashline( md, GCRY_MD_MD5, fname ); - print_hashline( md, GCRY_MD_SHA1, fname ); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) - print_hashline( md, GCRY_MD_RMD160, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) - print_hashline (md, GCRY_MD_SHA224, fname); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) - print_hashline( md, GCRY_MD_SHA256, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) - print_hashline ( md, GCRY_MD_SHA384, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) - print_hashline ( md, GCRY_MD_SHA512, fname ); + while ((n=fread (buf, 1, DIM(buf), fp))) + gcry_md_write (md, buf, n); + + if (ferror(fp)) + log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno)); + else + { + gcry_md_final (md); + if (opt.with_colons) + { + if ( algo ) + print_hashline (md, algo, fname); + else + { + if (!openpgp_md_test_algo (GCRY_MD_MD5)) + print_hashline( md, GCRY_MD_MD5, fname ); + print_hashline( md, GCRY_MD_SHA1, fname ); + if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + print_hashline( md, GCRY_MD_RMD160, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + print_hashline (md, GCRY_MD_SHA224, fname); + if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + print_hashline( md, GCRY_MD_SHA256, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + print_hashline ( md, GCRY_MD_SHA384, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + print_hashline ( md, GCRY_MD_SHA512, fname ); } } - else { - if( algo ) - print_hex(md,-algo,fname); - else { - if (!openpgp_md_test_algo (GCRY_MD_MD5)) - print_hex( md, GCRY_MD_MD5, fname ); - print_hex( md, GCRY_MD_SHA1, fname ); - if (!openpgp_md_test_algo (GCRY_MD_RMD160)) - print_hex( md, GCRY_MD_RMD160, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA224)) - print_hex (md, GCRY_MD_SHA224, fname); - if (!openpgp_md_test_algo (GCRY_MD_SHA256)) - print_hex( md, GCRY_MD_SHA256, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA384)) - print_hex( md, GCRY_MD_SHA384, fname ); - if (!openpgp_md_test_algo (GCRY_MD_SHA512)) - print_hex( md, GCRY_MD_SHA512, fname ); + else + { + if (algo) + print_hex (md, -algo, fname); + else + { + if (!openpgp_md_test_algo (GCRY_MD_MD5)) + print_hex (md, GCRY_MD_MD5, fname); + print_hex (md, GCRY_MD_SHA1, fname ); + if (!openpgp_md_test_algo (GCRY_MD_RMD160)) + print_hex (md, GCRY_MD_RMD160, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA224)) + print_hex (md, GCRY_MD_SHA224, fname); + if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + print_hex (md, GCRY_MD_SHA256, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + print_hex (md, GCRY_MD_SHA384, fname ); + if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + print_hex (md, GCRY_MD_SHA512, fname ); } } } - gcry_md_close(md); + gcry_md_close (md); - if( fp != stdin ) - fclose(fp); + if (fp != stdin) + fclose (fp); } ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 + Makefile.am | 22 ++++++- NEWS | 20 ++++++ README | 9 +++ agent/call-pinentry.c | 4 +- agent/command-ssh.c | 2 - agent/pksign.c | 4 +- autogen.rc | 2 +- common/Makefile.am | 8 +++ common/exechelp-posix.c | 9 --- common/sexputil.c | 6 +- common/t-http.c | 2 +- configure.ac | 2 +- g10/gpg.c | 167 +++++++++++++++++++++++++---------------------- g10/parse-packet.c | 9 ++- g13/call-gpg.c | 12 ++-- scd/app-p15.c | 12 ++-- sm/certreqgen-ui.c | 3 +- sm/certreqgen.c | 2 +- 19 files changed, 178 insertions(+), 119 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 20 11:59:34 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 20 Sep 2014 11:59:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-2-g72137a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 72137a4522f9daafbd39f63841fda50e3537b33e (commit) from 34a3e458d09453f1714ca935078659f17ebb5733 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 72137a4522f9daafbd39f63841fda50e3537b33e Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Register DCO for Andre Heinecke. -- diff --git a/AUTHORS b/AUTHORS index a4af1dc..a826e02 100644 --- a/AUTHORS +++ b/AUTHORS @@ -161,6 +161,9 @@ Yutaka Niibe Assigns Past and Future Changes Authors with a DCO ================== +Andre Heinecke +2014-09-19:4525694.FcpLvWDUFT at esus: + Andreas Schwier 2014-07-22:53CED1D8.1010306 at cardcontact.de: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 20 16:27:41 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 20 Sep 2014 16:27:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-4-g1d33d03 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1d33d03f0bb576601f5eef1a548cbc519f251b17 (commit) via cf648fc5c8cb20bfea4fd303631ba311bbaf3659 (commit) from 72137a4522f9daafbd39f63841fda50e3537b33e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1d33d03f0bb576601f5eef1a548cbc519f251b17 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 gpg: --delete-secret-key - check that a secret key exists. * g10/delkey.c (do_delete_key): Check availibility of a secret key. -- Actually we check that at least one secret subkey exists. diff --git a/g10/delkey.c b/g10/delkey.c index 3de705d..063de78 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -111,6 +111,15 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) err = 0; } + if (secret && !have_secret_key_with_kid (keyid)) + { + err = gpg_error (GPG_ERR_NOT_FOUND); + log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err)); + write_status_text (STATUS_DELETE_PROBLEM, "1"); + goto leave; + } + + if (opt.batch && exactmatch) okay++; else if (opt.batch && secret) commit cf648fc5c8cb20bfea4fd303631ba311bbaf3659 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 gpg: Make algorithm selection prompt for ECC more clear. * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC". diff --git a/g10/keygen.c b/g10/keygen.c index 4ae34bf..b6b50f6 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1833,7 +1833,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA if (opt.expert && !addmode) - tty_printf (_(" (%d) ECC\n"), 9 ); + tty_printf (_(" (%d) ECC and ECC\n"), 9 ); if (opt.expert) tty_printf (_(" (%d) ECC (sign only)\n"), 10 ); if (opt.expert) ----------------------------------------------------------------------- Summary of changes: g10/delkey.c | 9 +++++++++ g10/keygen.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 22 08:57:20 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Sep 2014 08:57:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-6-gbc2f5c1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bc2f5c1d1afbe8ba413e594639fd05f19df32f75 (commit) via a4205d5ed0371e8a7954342658bd63c1924601e3 (commit) from 1d33d03f0bb576601f5eef1a548cbc519f251b17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bc2f5c1d1afbe8ba413e594639fd05f19df32f75 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 gpg: Create default keyring with .kbx suffix. * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity. (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box and check and create .kbx. diff --git a/g10/keydb.c b/g10/keydb.c index e735b4a..178456a 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -110,11 +110,13 @@ keyblock_cache_clear (void) /* Handle the creation of a keyring or a keybox if it does not yet - exist. Take into acount that other processes might have the + exist. Take into account that other processes might have the keyring/keybox already locked. This lock check does not work if - the directory itself is not yet available. */ + the directory itself is not yet available. If is IS_BOX is true + the filename is expected to be a keybox. If FORCE_CREATE is true + the keyring or keybox shall be created. */ static int -maybe_create_keyring_or_box (char *filename, int is_box, int force) +maybe_create_keyring_or_box (char *filename, int is_box, int force_create) { dotlock_t lockhd = NULL; IOBUF iobuf; @@ -129,14 +131,14 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force) /* If we don't want to create a new file at all, there is no need to go any further - bail out right here. */ - if (!force) + if (!force_create) return gpg_error (GPG_ERR_ENOENT); /* First of all we try to create the home directory. Note, that we don't do any locking here because any sane application of gpg would create the home directory by itself and not rely on gpg's - tricky auto-creation which is anyway only done for some home - directory name patterns. */ + tricky auto-creation which is anyway only done for certain home + directory name pattern. */ last_slash_in_filename = strrchr (filename, DIRSEP_C); #if HAVE_W32_SYSTEM { @@ -184,8 +186,8 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force) log_info ("can't allocate lock for '%s': %s\n", filename, gpg_strerror (rc)); - if (!force) - return gpg_error (GPG_ERR_ENOENT); + if (!force_create) + return gpg_error (GPG_ERR_ENOENT); /* Won't happen. */ else return rc; } @@ -289,6 +291,7 @@ keydb_add_resource (const char *url, unsigned int flags) char *filename = NULL; int create; int read_only = !!(flags&KEYDB_RESOURCE_FLAG_READONLY); + int is_default = !!(flags&KEYDB_RESOURCE_FLAG_DEFAULT); int rc = 0; KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE; void *token; @@ -334,8 +337,13 @@ keydb_add_resource (const char *url, unsigned int flags) /* See whether we can determine the filetype. */ if (rt == KEYDB_RESOURCE_TYPE_NONE) { - FILE *fp = fopen (filename, "rb"); + FILE *fp; + int pass = 0; + size_t filenamelen; + check_again: + filenamelen = strlen (filename); + fp = fopen (filename, "rb"); if (fp) { u32 magic; @@ -357,6 +365,20 @@ keydb_add_resource (const char *url, unsigned int flags) fclose (fp); } + else if (!pass + && is_default && create + && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".gpg")) + { + /* The file does not exist, the default resource has been + requested, the file shall be created, and the file has a + ".gpg" suffix. Change the suffix to ".kbx" and try once + more. This way we achieve that we open an existing + ".gpg" keyring, but create a new keybox file with an + ".kbx" suffix. */ + strcpy (filename+filenamelen-4, ".kbx"); + pass++; + goto check_again; + } else /* No file yet: create keybox. */ rt = KEYDB_RESOURCE_TYPE_KEYBOX; } @@ -369,7 +391,7 @@ keydb_add_resource (const char *url, unsigned int flags) goto leave; case KEYDB_RESOURCE_TYPE_KEYRING: - rc = maybe_create_keyring_or_box (filename, create, 0); + rc = maybe_create_keyring_or_box (filename, 0, create); if (rc) goto leave; @@ -399,7 +421,7 @@ keydb_add_resource (const char *url, unsigned int flags) case KEYDB_RESOURCE_TYPE_KEYBOX: { - rc = maybe_create_keyring_or_box (filename, create, 1); + rc = maybe_create_keyring_or_box (filename, 1, create); if (rc) goto leave; commit a4205d5ed0371e8a7954342658bd63c1924601e3 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 doc: Fix --secret-keyring option for 2.1 -- diff --git a/doc/gpg.texi b/doc/gpg.texi index cee8ace..b8c4ab1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1279,7 +1279,13 @@ use the specified keyring alone, use @option{--keyring} along with @item --secret-keyring @code{file} @opindex secret-keyring + at ifset gpgtwoone +This is an obsolete option and ignored. All secret keys are stored in +the @file{private-keys-v1.d} directory below the GnuPG home directory. + at end ifset + at ifclear gpgtwoone Same as @option{--keyring} but for the secret keyrings. + at end ifclear @item --primary-keyring @code{file} @opindex primary-keyring ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 6 ++++++ g10/keydb.c | 44 +++++++++++++++++++++++++++++++++----------- 2 files changed, 39 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 22 13:52:05 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Sep 2014 13:52:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-7-g2427bc5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2427bc5bc76b00cfe790e1f370113f5b4199e8fa (commit) from bc2f5c1d1afbe8ba413e594639fd05f19df32f75 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2427bc5bc76b00cfe790e1f370113f5b4199e8fa Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 speedo: Autodetect sha1sum tools. * build-aux/getswdb.sh: Add option --find-sha1sum. * build-aux/speedo.mk (check-tools): New phony target. Not yet used. (SHA1SUM): New var. Use it instead of sha1sum. diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh index aa889ee..cef6c46 100755 --- a/build-aux/getswdb.sh +++ b/build-aux/getswdb.sh @@ -32,6 +32,7 @@ Usage: $(basename $0) [OPTIONS] Get the online version of the GnuPG software version database Options: --skip-download Assume download has already been done. + --find-sha1sum Print the name of the sha1sum utility --help Print this help. EOF exit $1 @@ -41,6 +42,7 @@ EOF # Parse options # skip_download=no +find_sha1sum=no while test $# -gt 0; do case "$1" in # Set up `optarg'. @@ -59,6 +61,9 @@ while test $# -gt 0; do --skip-download) skip_download=yes ;; + --find-sha1sum) + find_sha1sum=yes + ;; *) usage 1 1>&2 ;; @@ -66,7 +71,20 @@ while test $# -gt 0; do shift done -# Get GnuPG version from VERSIOn file. For a GIT checkout this means +# Mac OSX has only a shasum and not sha1sum +if [ ${find_sha1sum} = yes ]; then + for i in sha1sum shasum ; do + tmp=$($i /dev/null | cut -d ' ' -f1) + if [ x"$tmp" = x"da39a3ee5e6b4b0d3255bfef95601890afd80709" ]; then + echo "$i" + exit 0 + fi + done + echo "false" + exit 1 +fi + +# Get GnuPG version from VERSION file. For a GIT checkout this means # that ./autogen.sh must have been run first. For a regular tarball # VERSION is always available. if [ ! -f "$srcdir/../VERSION" ]; then diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 3c7ce72..a9ba6d4 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -63,40 +63,40 @@ help: SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1 -native: +native: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=0 all -git-native: +git-native: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=0 all -this-native: +this-native: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=0 all -native-gui: +native-gui: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=1 all -git-native-gui: +git-native-gui: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=1 all -this-native-gui: +this-native-gui: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=1 all -w32-installer: +w32-installer: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 installer -git-w32-installer: +git-w32-installer: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 installer -this-w32-installer: +this-w32-installer: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=1 installer -w32-source: +w32-source: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 dist-source -git-w32-source: +git-w32-source: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source -this-w32-source: +this-w32-source: check-tools $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source @@ -548,6 +548,12 @@ W32CC = i686-w64-mingw32-gcc MKDIR=mkdir MAKENSIS=makensis +SHA1SUM := $(shell $(topsrc)/build-aux/getswdb.sh --find-sha1sum) +ifeq ($(SHA1SUM),false) +$(error The sha1sum tool is missing) +endif + + BUILD_ISODATE=$(shell date -u +%Y-%m-%d) # The next two macros will work only after gnupg has been build. @@ -583,7 +589,6 @@ endif - # The playground area is our scratch area, where we unpack, build and # install the packages. $(stampdir)/stamp-directories: @@ -723,7 +728,7 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories esac; \ if [ -f tmp.tgz ]; then \ if [ -n "$$$${sha1}" ]; then \ - tmp=$$$$(sha1sum This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 59b6f6f16e095162358ac2001aeb2c058de2fd1e (commit) from 2427bc5bc76b00cfe790e1f370113f5b4199e8fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 59b6f6f16e095162358ac2001aeb2c058de2fd1e Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 speedo: Check that wget and gpgv are installed. * build-aux/getswdb.sh: Check for required tools. diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh index cef6c46..a7796e2 100755 --- a/build-aux/getswdb.sh +++ b/build-aux/getswdb.sh @@ -94,6 +94,12 @@ fi version=$(cat "$srcdir/../VERSION") version_num=$(echo "$version" | cvtver) +if ! $GPGV --version >/dev/null 2>/dev/null ; then + echo "command \"gpgv\" is not installed" >&2 + echo "(please install an older version of GnuPG)" >&2 + exit 1 +fi + # # Download the list and verify. # @@ -107,6 +113,11 @@ if [ $skip_download = yes ]; then exit 1 fi else + if ! $WGET --version >/dev/null 2>/dev/null ; then + echo "command \"wget\" is not installed" >&2 + exit 1 + fi + if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then echo "download of swdb.lst failed." >&2 exit 1 ----------------------------------------------------------------------- Summary of changes: build-aux/getswdb.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 22 18:28:07 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Sep 2014 18:28:07 +0200 Subject: [git] gnupg-doc - branch, master, updated. a2b4c989e971b3a7af19cd3feaef76c2a5003cee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a2b4c989e971b3a7af19cd3feaef76c2a5003cee (commit) via 8c726650e77a37b9191e3eabcb0ae8ed5a123684 (commit) via fc2fb1721c38b2f99d5dbad6ed9c225fcaa51b13 (commit) from 96c1d83f9b4b74cca4b1304be795ae54424dbc79 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a2b4c989e971b3a7af19cd3feaef76c2a5003cee Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 web: Move some menu items to the bottom. diff --git a/web/index.org b/web/index.org index c89694c..b42a7d8 100644 --- a/web/index.org +++ b/web/index.org @@ -33,13 +33,6 @@ English and German manuals. Project [[http://gpgtools.org][GPGTools]] provides a Mac OS X version of GnuPG. It is nicely integrated into an installer and features all required tools. -#+BEGIN_HTML -

This site is currently undergoing a complete redesign. - We apologize for any inconveniences like broken links - or bad formatting. Please do not report such problems as we are probably - already aware of them. (2014-05-28 wk)

-#+END_HTML - * Reconquer your privacy Even if you have nothing to hide, using encryption helps protect the diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 46bc760..17897f4 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -98,11 +98,11 @@ if not available." (("/related_software/frontends.html" "Frontends") ("/related_software/tools.html" "Tools") ("/related_software/libraries.html" "Libraries") - ("/related_software/swlist.html" "All"))) - ("/blog/index.html" - "Blog" - ()) - ("/privacy-policy.html" + ("/related_software/swlist.html" "All")))) + "The definition of the gnupg.org menu structure.") + +(defconst gpgweb-gnupg-bottom-menu-alist + '(("/privacy-policy.html" "Privacy Policy" ()) ("/imprint.html" @@ -113,8 +113,12 @@ if not available." ()) ("/sitemap.html" "Sitemap" + ()) + ("/blog/index.html" + "Blog" ())) - "The definition of the gnupg.org menu structure.") + "The definition of the gnupg.org bottom menu structure.") + (defun gpgweb--any-selected-menu-p (menu selected-file) "Return t if any item in MENU has been selected." @@ -172,23 +176,38 @@ if not available." "))) (defun gpgweb-insert-footer () + (goto-char (point-max)) + (insert " +
+

This site is currently undergoing a complete redesign. + We apologize for any inconveniences like broken links + or bad formatting. Please do not report such problems as we are probably + already aware of them. (2014-05-28 wk)

+
+
    +") + (gpgweb--insert-menu gpgweb-gnupg-bottom-menu-alist 0 nil) + (insert "
+
+") (goto-char (point-min)) (unless (search-forward "" nil t) (goto-char (point-max)) - (insert "
+ (insert "
\"CC-BY-SA
+ src=\"/share/cc-by-sa-3.0_80x15.png\"/>  These web pages are Copyright 1998--2014 The GnuPG Project? and licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See copying for details. -
- +
\n")) + (goto-char (point-max)) + (insert "
-"))) +")) ;;; Post-process the generated HTML file: diff --git a/web/share/site.css b/web/share/site.css index e7b0ea5..8930940 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -149,7 +149,7 @@ div.entry-qotd padding-top: 5%; font-size: 125%; border-bottom: 3px #FFb580 solid; - font-family: verdana,arial,helvetica; + font-family: verdana,helvetica; margin-bottom: 2%; } @@ -213,6 +213,29 @@ nav img { } +#nav_bottom ul { + list-style: none; + padding-left: 0; + margin-left: 0; + float: left; +} + +#nav_bottom li { + float: left; + padding-right: 3em; +} + +#nav_bottom p { + clear: left; + padding-top: 1em; +} + +#nav_bottom a { + clear: left; + font-variant: normal; +} + + /* Other stuff */ @@ -261,7 +284,6 @@ div.outline-text-3 { } #cpyright { - font-size: 0.6em; padding-top: 4em; } @@ -270,15 +292,12 @@ div.outline-text-3 { } #footer { + border-top: 2px solid #5c6064; margin-top: 5em; - margin-left: 10%; - width: 80%; + margin-left: 5%; + margin-right: 5%; clear: both; -} - -#footer p { - font-size: 0.3em; - padding: 2em 0; + font-size: 0.8em; } commit 8c726650e77a37b9191e3eabcb0ae8ed5a123684 Author: Werner Koch Date: Thu Sep 18 13:22:41 2014 +0200 swdb: Several releases and added zlib and bzip. diff --git a/web/swdb.mac b/web/swdb.mac index 8f1d23a..3392047 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -45,14 +45,15 @@ # #+macro: gpa_ver 0.9.5 #+macro: gpa_size 716k +#+macro: gpa_sha1 ea53b934a7f5dd4e2dfb35dac2b35cafc7b54c90 # # PINENTRY # -#+macro: pinentry_ver 0.8.2 -#+macro: pinentry_size 418k -#+macro: pinentry_sha1 eeee9e80ea02f63bdac1cb03eb1785ab2cd57f90 +#+macro: pinentry_ver 0.8.4 +#+macro: pinentry_size 505k +#+macro: pinentry_sha1 36c94980ceab5c15e188de121f7ab4c7ee6b3521 # @@ -75,9 +76,9 @@ # # LIBKSBA # -#+macro: libksba_ver 1.3.0 -#+macro: libksba_size 610k -#+macro: libksba_sha1 241afcb2dfbf3f3fc27891a53a33f12d9084d772 +#+macro: libksba_ver 1.3.1 +#+macro: libksba_size 584k +#+macro: libksba_sha1 6bfe285dbc3a7b6e295f9389c20ea1cdf4947ee5 # @@ -91,9 +92,9 @@ # # LIBGPG-ERROR # -#+macro: libgpg_error_ver 1.15 +#+macro: libgpg_error_ver 1.16 #+macro: libgpg_error_size 534k -#+macro: libgpg_error_sha1 f41791121c66043fa18834597e0155ebcbff8ada +#+macro: libgpg_error_sha1 059c40a2b78c3ac2b4cbec0e0481faba5af332fe # @@ -107,15 +108,28 @@ # # nPth # -#+macro: npth_ver 0.91 +#+macro: npth_ver 1.0 +#+macro: npth_sha1 3c0673144f8baffda3a3aaab3f6853acc58146c7 # # GpgEX # #+macro: gpgex_ver 1.0.1 +#+macro: gpgex_sha1 eb54767fd8e3728e8d14c7c158e0841b67c714a6 +# +# zlib (mirrored at our server) +# +#+macro: zlib_ver 1.2.8 +#+macro: zlib_sha1_gz a4d316c404ff54ca545ea71a27af7dbc29817088 + +# +# bzip2 (mirrored and stripped down version) +# +#+macro: bzip2_ver 1.0.6-g10 +#+macro: bzip2_sha1_gz 6e38be3377340a21a1f13ff84b5e6adce97cd1d4 # --- end of swdb.mac --- commit fc2fb1721c38b2f99d5dbad6ed9c225fcaa51b13 Author: Werner Koch Date: Wed Sep 17 03:53:01 2014 +0200 web: Fix link to gpgme diff --git a/web/donate/index.org b/web/donate/index.org index e1fa444..a1085e4 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -11,7 +11,7 @@ GnuPG carries an [[https://www.fsf.org][FSF]] copyright notice, they never funded the development or hosting costs. - If you are using [[http://gnupg.org][GnuPG]], [[http://directory.fsf.org/project/libgcrypt/][Libgcrypt]], [[http://gnupg.org/related_software/gpgme/][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like + If you are using [[../index.org][GnuPG]], [[http://directory.fsf.org/project/libgcrypt/][Libgcrypt]], [[../related_software/gpgme/index.org][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like to help with development and maintenance please consider to make a donation. diff --git a/web/related_software/gpgme/index.org b/web/related_software/gpgme/index.org index 1855cf7..d0a76a7 100644 --- a/web/related_software/gpgme/index.org +++ b/web/related_software/gpgme/index.org @@ -16,11 +16,7 @@ can be done at a central place and every application benefits from this. - Especially authors of - #+html: - MUAs - #+html: - should consider to use GPGME. It is even planned to create a set of - standard widgets for common key selection tasks. + Especially authors of @@html:@@MUAs@@html:@@ should consider to use GPGME. - See [[https://www.gnupg.org/download/index.org#gpgme][download]] section to download the latest tarball. + See [[../../download/index.org::#gpgme][download]] section to download the latest tarball. ----------------------------------------------------------------------- Summary of changes: web/donate/index.org | 2 +- web/index.org | 7 ------ web/related_software/gpgme/index.org | 10 +++------ web/share/gpgweb.el | 41 +++++++++++++++++++++++++--------- web/share/site.css | 37 ++++++++++++++++++++++-------- web/swdb.mac | 32 ++++++++++++++++++-------- 6 files changed, 85 insertions(+), 44 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 23 08:58:09 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 23 Sep 2014 08:58:09 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-2-g33e5504 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 33e5504fbb5e5e2ff44023c0a22dfb668ff8b10f (commit) from a39ffed155b14865a1ea00f9b2f19e601874044c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 33e5504fbb5e5e2ff44023c0a22dfb668ff8b10f Author: Daniel Kahn Gillmor Date: Mon Sep 22 15:44:40 2014 -0400 Add new lock-obj-pub for powerpc64el-unknown-linux-gnu. * src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h: New. * src/Makefile.am (lock_obj_pub): Add. -- Here is a arch-specific lock-obj header file for little-endian 64-bit powerpc. Debian-bug-id: 762322 diff --git a/src/Makefile.am b/src/Makefile.am index 10810a6..def0f45 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -57,6 +57,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h \ syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h \ syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h \ diff --git a/src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h new file mode 100644 index 0000000..79073d4 --- /dev/null +++ b/src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h @@ -0,0 +1,25 @@ +## lock-obj-pub.powerpc64le-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 1 + ...nown-linux-gnu.h => lock-obj-pub.powerpc64el-unknown-linux-gnu.h} | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) copy src/syscfg/{lock-obj-pub.powerpc64-unknown-linux-gnu.h => lock-obj-pub.powerpc64el-unknown-linux-gnu.h} (92%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 23 17:33:35 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Tue, 23 Sep 2014 17:33:35 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-3-gf227618 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via f227618e9e0d01e9dd1afbd91f9a509a532717eb (commit) from 33e5504fbb5e5e2ff44023c0a22dfb668ff8b10f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f227618e9e0d01e9dd1afbd91f9a509a532717eb Author: Daniel Kahn Gillmor Date: Tue Sep 23 11:17:04 2014 -0400 Add new lock-obj-pub for sparc64-unknown-linux-gnu. * src/syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h: New. * src/Makefile.am (lock_obj_pub): Add. -- Helmut Grohne writes: Julien Cristau pointed out that sparc porter machines run 64bit kernels and can execute 64bit executables. So here we go. I crossed gen-posix-lock-obj for sparc64, verified that it is indeed a 64bit executable and attach its output. Debian-bug-id: 762322 diff --git a/src/Makefile.am b/src/Makefile.am index def0f45..62579dc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -61,6 +61,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h \ syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h \ syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h \ diff --git a/src/syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h new file mode 100644 index 0000000..ee309a9 --- /dev/null +++ b/src/syscfg/lock-obj-pub.sparc64-unknown-linux-gnu.h @@ -0,0 +1,25 @@ +## lock-obj-pub.sparc64-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 1 + ...86_64-pc-linux-gnu.h => lock-obj-pub.sparc64-unknown-linux-gnu.h} | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) copy src/syscfg/{lock-obj-pub.x86_64-pc-linux-gnu.h => lock-obj-pub.sparc64-unknown-linux-gnu.h} (92%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 24 15:03:43 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Sep 2014 15:03:43 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-8-gcde19f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via cde19f94d60145309494a929633fc24a8c3d2c9c (commit) via 2e8ecc24cf74f918c303c315da3bb18636a5e288 (commit) via 36997e0f746ce2d38de997055141542583cc0f52 (commit) from 4160ef90a1b1b778c735f31f98a6966ba3b3ea90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cde19f94d60145309494a929633fc24a8c3d2c9c Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Add ftp and git URLs to AUTHORS. -- diff --git a/AUTHORS b/AUTHORS index 65e6368..688f9ec 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,7 @@ Package: gpgme Homepage: http://www.gnupg.org/related_software/gpgme/ +Download: ftp://ftp.gnupg.org/gcrypt/gpgme/ +Repository: git://git.gnupg.org/gpgme.git Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org (use category "gpgme") Security related bug reports: security at gnupg.org commit 2e8ecc24cf74f918c303c315da3bb18636a5e288 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 tests: Delay some test file extraction until "make check". * tests/gpg/Makefile.am (all-local): Change to check-local. * tests/gpgsm/Makefile.am (all-local): Ditto. diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index b428cf2..5c1266e 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -70,7 +70,7 @@ clean-local: -$(srcdir)/start-stop-agent --stop -rm -fR private-keys-v1.d -all-local: ./gpg.conf ./gpg-agent.conf ./pubring.gpg \ +check-local: ./gpg.conf ./gpg-agent.conf ./pubring.gpg \ ./private-keys-v1.d/gpg-sample.stamp export GNUPGHOME := $(abs_builddir) diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index 45b3b50..ecc53a6 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -47,7 +47,8 @@ clean-local: -gpg-connect-agent KILLAGENT /bye -rm -fR private-keys-v1.d -all-local: ./pubring.kbx ./gpgsm.conf ./private-keys-v1.d/$(key_id).key ./trustlist.txt +check-local: ./pubring.kbx ./gpgsm.conf \ + ./private-keys-v1.d/$(key_id).key ./trustlist.txt export GNUPGHOME := $(abs_builddir) commit 36997e0f746ce2d38de997055141542583cc0f52 Author: Daniel Kahn Gillmor Date: Tue Sep 23 12:46:00 2014 -0400 Clean up gpgme's tests/gpg when gpg2.1 is available * tests/gpg/Makefile.am: Clean up .gpg-v21-migrated -- We also need to gitignore this file. diff --git a/tests/gpg/.gitignore b/tests/gpg/.gitignore index e60bfe5..d79ace7 100644 --- a/tests/gpg/.gitignore +++ b/tests/gpg/.gitignore @@ -1,4 +1,5 @@ .deps +.gpg-v21-migrated .libs gpg-agent.conf gpg.conf diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index e72bd49..b428cf2 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -43,7 +43,7 @@ TESTS = initial.test $(c_tests) final.test CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ - random_seed S.gpg-agent + random_seed S.gpg-agent .gpg-v21-migrated private_keys = \ 13CD0F3BDF24BE53FE192D62F18737256FF6E4FD \ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 ++ tests/gpg/.gitignore | 1 + tests/gpg/Makefile.am | 4 ++-- tests/gpgsm/Makefile.am | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 24 15:15:21 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Wed, 24 Sep 2014 15:15:21 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-5-gd620005 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via d620005fd1a655d591fccb44639e22ea445e4554 (commit) via efb2442458c8dd8d5af5a533dc09370b54f5f86f (commit) from f227618e9e0d01e9dd1afbd91f9a509a532717eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d620005fd1a655d591fccb44639e22ea445e4554 Author: Daniel Kahn Gillmor Date: Tue Sep 23 18:34:32 2014 -0400 Allow ./configure to explicitly set libgpg-error's build timestamp * configure.ac: add --enable-build-timestamp -- A group within Debian is working on making the archive rebuildable in a reproducible way, so that the compiled binary outputs are byte-for-byte identical when built for the same platform using the same toolchain. This is useful in providing auditability and corroboration for users of the operating system. libgpg-error is very close to reproducible except for embedding the build timestamp in the generated binary. This timestamp is set in config.h during ./configure. This patch allows an external build system to set this embedded timestamp explicitly, which appears to make the package build repeatably when ./configure is called with (for example) --enable=build-timestamp=2014-09-23T01:02+0000 Debian-bug-id: 762397 (Minor reformatting and NEWS entry by wk.) diff --git a/NEWS b/NEWS index 80975ad..e3c2097 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,9 @@ Noteworthy changes in version 1.17 (unreleased) [C12/A12/R_] ----------------------------------------------- - * Add an errot source code for an TLS protocol library. + * New error source code for TLS protocol libraries. + + * New configure option --enable-build-timestamp. * Interface changes relative to the 1.16 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/configure.ac b/configure.ac index b32b751..4652a2b 100644 --- a/configure.ac +++ b/configure.ac @@ -484,7 +484,17 @@ changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}0,mym4_revision_dec" AC_SUBST(BUILD_FILEVERSION) -BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "no"; then + BUILD_TIMESTAMP="" + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) commit efb2442458c8dd8d5af5a533dc09370b54f5f86f Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Add new error source GPG_ERR_SOURCE_TLS. diff --git a/NEWS b/NEWS index 4f754a2..80975ad 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ Noteworthy changes in version 1.17 (unreleased) [C12/A12/R_] ----------------------------------------------- + * Add an errot source code for an TLS protocol library. + + * Interface changes relative to the 1.16 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPG_ERR_SOURCE_TLS NEW. + Noteworthy changes in version 1.16 (2014-09-18) [C12/A12/R2] ----------------------------------------------- diff --git a/src/err-sources.h.in b/src/err-sources.h.in index 34c1817..9a06c8f 100644 --- a/src/err-sources.h.in +++ b/src/err-sources.h.in @@ -46,6 +46,8 @@ 14 GPG_ERR_SOURCE_G13 G13 15 GPG_ERR_SOURCE_ASSUAN Assuan +17 GPG_ERR_SOURCE_TLS TLS + # 15 to 30 are free to be used. 31 GPG_ERR_SOURCE_ANY Any source ----------------------------------------------------------------------- Summary of changes: NEWS | 8 ++++++++ configure.ac | 12 +++++++++++- src/err-sources.h.in | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 24 15:26:55 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Sep 2014 15:26:55 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-6-g1d3f2ac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 1d3f2ac2165a76d0283f5487ff36883720f11169 (commit) from d620005fd1a655d591fccb44639e22ea445e4554 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1d3f2ac2165a76d0283f5487ff36883720f11169 Author: Werner Koch Date: Wed Sep 24 15:26:49 2014 +0200 Add DCO policy statement. -- Which is: We do not collect DCOs for libgpg-error. As a supporting library for GnuPG, Libgcrypt, and GPGME a DCO for any of these projects is sufficient. diff --git a/AUTHORS b/AUTHORS index ae4400f..9f91253 100644 --- a/AUTHORS +++ b/AUTHORS @@ -62,6 +62,15 @@ Yuri Chornoivan - TRANSLATION [uk] +Authors with a DCO +================== + +We do not collect DCOs for libgpg-error. As a supporting library for +GnuPG, Libgcrypt, and GPGME a DCO for any of these projects is +sufficient. + + + Copyright 2003, 2004, 2005, 2006, 2007, 2013 g10 Code GmbH This file is free software; as a special exception the author gives ----------------------------------------------------------------------- Summary of changes: AUTHORS | 9 +++++++++ 1 file changed, 9 insertions(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Sep 24 15:27:15 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Sep 2014 15:27:15 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-9-g7273ab3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7273ab387a7b4c44cae8d94711c4991e7754bc95 (commit) from cde19f94d60145309494a929633fc24a8c3d2c9c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7273ab387a7b4c44cae8d94711c4991e7754bc95 Author: Werner Koch Date: Wed Sep 24 15:24:05 2014 +0200 Register DCO for Daniel Kahn Gillmor. -- diff --git a/AUTHORS b/AUTHORS index 688f9ec..6197416 100644 --- a/AUTHORS +++ b/AUTHORS @@ -14,7 +14,6 @@ FSF - Other from FSF projects: src/setenv.c, src/vasprintf.c, src/stpcpy.c, src/w32-ce.c. - g10 Code GmbH - All stuff since mid march 2001. @@ -25,6 +24,15 @@ Wojciech Polak - gpgme.spec +Authors with a DCO +================== + +Daniel Kahn Gillmor +2014-09-24:878ul9w4j8.fsf at alice.fifthhorseman.net: + + + + Copyright 2001, 2002, 2012, 2013 g10 Code GmbH This file is free software; as a special exception the author gives ----------------------------------------------------------------------- Summary of changes: AUTHORS | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 25 08:45:10 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 25 Sep 2014 08:45:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-11-g26592fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 26592fbef392469d60a49b8c29db8c0fb074ff78 (commit) via 64c15a7e11e82b0aca63a0379350b89ed1be6aa6 (commit) via fb223be97b01e2ac7993e10da2bad65c1a08cbd1 (commit) from 59b6f6f16e095162358ac2001aeb2c058de2fd1e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 26592fbef392469d60a49b8c29db8c0fb074ff78 Author: Werner Koch Date: Thu Sep 25 08:44:57 2014 +0200 build: Change urlbase of getswdb.sh. -- diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh index a7796e2..8b1d5e5 100755 --- a/build-aux/getswdb.sh +++ b/build-aux/getswdb.sh @@ -11,7 +11,9 @@ # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # The URL of the file to retrieve. -urlbase="https://www.gnupg.org/" +# (some wget versions seem to have problems with SubjectAltName, thus +# we do not use www.gnupg.org) +urlbase="https://gnupg.org/" WGET=wget GPGV=gpgv commit 64c15a7e11e82b0aca63a0379350b89ed1be6aa6 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Reformat README and minor gpg.texi improvement. -- The second thing is to explain the file names below under ~/.gnupg/openpgp-revocs.d/. diff --git a/README b/README index 372d84a..94c0756 100644 --- a/README +++ b/README @@ -8,203 +8,215 @@ Copyright 1998-2013 Free Software Foundation, Inc. -INTRODUCTION -============ +* INTRODUCTION -GnuPG is a tool for secure communication and data storage. It can be -used to encrypt data and to create digital signatures. It includes an -advanced key management facility and is compliant with the proposed -OpenPGP Internet standard as described in RFC4880 and the S/MIME -standard as described by several RFCs. + GnuPG is a tool for secure communication and data storage. It can + be used to encrypt data and to create digital signatures. It + includes an advanced key management facility and is compliant with + the proposed OpenPGP Internet standard as described in RFC4880 and + the S/MIME standard as described by several RFCs. -GnuPG is distributed under the terms of the GNU General Public -License. See the file COPYING for details. GnuPG works best on -GNU/Linux or *BSD systems. Most other Unices are also supported but -are not as well tested as the Free Unices. + GnuPG is distributed under the terms of the GNU General Public + License. See the file COPYING for details. GnuPG works best on + GNU/Linux or *BSD systems. Most other Unices are also supported but + are not as well tested as the Free Unices. -GnuPG-2 is the stable version of GnuPG integrating support for OpenPGP -and S/MIME. It does not conflict with an installed 1.4 OpenPGP-only -version. + GnuPG-2 is the stable version of GnuPG integrating support for + OpenPGP and S/MIME. It does not conflict with an installed 1.4 + OpenPGP-only version. -BUILD INSTRUCTIONS -================== +* BUILD INSTRUCTIONS -GnuPG 2.1 depends on the following packages: + GnuPG 2.1 depends on the following GnuPG related packages: - npth (ftp://ftp.gnupg.org/gcrypt/npth/) - libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) - libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) - libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) - libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) + npth (ftp://ftp.gnupg.org/gcrypt/npth/) + libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) + libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) + libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) + libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) -You should get the latest versions of course, the GnuPG configure -script complains if a version is not sufficient. + You should get the latest versions of course, the GnuPG configure + script complains if a version is not sufficient. -For some advanced features several other libraries are required. The -configure script prints diagnostic messages if one of these libraries -is not available and a feature will not be available.. + For some advanced features several other libraries are required. + The configure script prints diagnostic messages if one of these + libraries is not available and a feature will not be available.. -You also need the Pinentry package for most functions of GnuPG; -however it is not a build requirement. Pinentry is available at -ftp://ftp.gnupg.org/gcrypt/pinentry/ . + You also need the Pinentry package for most functions of GnuPG; + however it is not a build requirement. Pinentry is available at + ftp://ftp.gnupg.org/gcrypt/pinentry/ . -After building and installing the above packages in the order as given -above, you may continue with GnuPG installation (you may also just try -to build GnuPG to see whether your already installed versions are -sufficient). + After building and installing the above packages in the order as + given above, you may continue with GnuPG installation (you may also + just try to build GnuPG to see whether your already installed + versions are sufficient). -As with all packages, you just have to do + As with all packages, you just have to do - ./configure - make - make install + ./configure + make + make install -(Before doing install you might need to become root.) + (Before doing install you might need to become root.) -If everything succeeds, you have a working GnuPG with support for -OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no -binary gpg but a gpg2 so that this package won't conflict with a GnuPG -1.4 installation. gpg2 behaves just like gpg. + If everything succeeds, you have a working GnuPG with support for + OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no + binary gpg but a gpg2 so that this package won't conflict with a + GnuPG 1.4 installation. gpg2 behaves just like gpg. -In case of problem please ask on the gnupg-users at gnupg.org mailing -list for advise. + In case of problem please ask on the gnupg-users at gnupg.org mailing + list for advise. -Instruction on how to build for Windows can be found in the file -doc/HACKING in the section "How to build an installer for Windows". -This requires some experience as developer. + Instruction on how to build for Windows can be found in the file + doc/HACKING in the section "How to build an installer for Windows". + This requires some experience as developer. -Note that the PKITS tests are always skipped unless you copy the PKITS -test data file into the tests/pkits directory. There is no need to -run these test and some of them may even fail because the test scripts -are not yet complete. + Note that the PKITS tests are always skipped unless you copy the + PKITS test data file into the tests/pkits directory. There is no + need to run these test and some of them may even fail because the + test scripts are not yet complete. -You may run + You may run - gpgconf --list-dirs + gpgconf --list-dirs -to view the default directories used by GnuPG. + to view the default directories used by GnuPG. -To quickly build all required software without installing it, the -Speedo method may be used: + To quickly build all required software without installing it, the + Speedo method may be used: - make -f build-aux/speedo.mk native + make -f build-aux/speedo.mk native -This method downloads all required libraries and does a native build -of GnuPG to PLAY/inst/. GNU make is required and you need to set -LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib. + This method downloads all required libraries and does a native build + of GnuPG to PLAY/inst/. GNU make is required and you need to set + LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries. +** Specific build problems on some machines: -MIGRATION FROM 1.4 or 2.0 to 2.1 -================================ +*** Apple OSX 10.x using XCode -The major change in 2.1 is gpg-agent taking care of the OpenPGP secret -keys (those managed by GPG). The former file "secring.gpg" will not -be used anymore. Newly generated keys are stored in the agent's key -store directory "~/.gnupg/private-keys-v1.d/". The first time gpg -needs a secret key it checks whether a "secring.gpg" exists and -copies them to the new store. The old secring.gpg is kept for use by -older versions of gpg. + On some versions the correct location of a header file can't be + detected by configure. To fix that you should run configure like + this -Note that gpg-agent now uses a fixed socket by default. All tools -will start the gpg-agent as needed. In general there is no more need -to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK -environment variable should be set to a fixed value. + ./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h -GPG's smartcard commands --card-edit and --card-status as well as some -of the card related sub-commands of --edit-key are not yet fully -supported. However, signing and decryption with a smartcard does -work. + Add other options as needed. -The Dirmngr is now part of GnuPG proper and also used to access -OpenPGP keyservers. The directroy layout of Dirmngr changed to make -use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as -needed needed. There is no more need to install a separate dirmngr -package. +* MIGRATION from 1.4 or 2.0 to 2.1 + The major change in 2.1 is gpg-agent taking care of the OpenPGP + secret keys (those managed by GPG). The former file "secring.gpg" + will not be used anymore. Newly generated keys are stored in the + agent's key store directory "~/.gnupg/private-keys-v1.d/". The + first time gpg needs a secret key it checks whether a "secring.gpg" + exists and copies them to the new store. The old secring.gpg is + kept for use by older versions of gpg. -DOCUMENTATION -============= + GPG's smartcard commands --card-edit and --card-status as well as some + of the card related sub-commands of --edit-key are not yet fully + supported. However, signing and decryption with a smartcard does + work. -The complete documentation is in the texinfo manual named -`gnupg.info'. Run "info gnupg" to read it. If you want a a printable -copy of the manual, change to the "doc" directory and enter "make pdf" -For a HTML version enter "make html" and point your browser to -gnupg.html/index.html. Standard man pages for all components are -provided as well. An online version of the manual is available at -http://www.gnupg.org/documentation/manuals/gnupg/ . A version of the -manual pertaining to the current development snapshot is at -http://www.gnupg.org/documentation/manuals/gnupg-devel/ . + Note that gpg-agent now uses a fixed socket by default. All tools + will start the gpg-agent as needed. In general there is no more + need to set the GPG_AGENT_INFO environment variable. The + SSH_AUTH_SOCK environment variable should be set to a fixed value. + The Dirmngr is now part of GnuPG proper and also used to access + OpenPGP keyservers. The directroy layout of Dirmngr changed to make + use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as + needed needed. There is no more need to install a separate dirmngr + package. -GNUPG 1.4 AND GNUPG 2.0 -======================= -GnuPG 2.0 is a newer version of GnuPG with additional support for -S/MIME. It has a different design philosophy that splits -functionality up into several modules. Both versions may be installed -simultaneously without any conflict (gpg is called gpg2 in GnuPG 2). -In fact, the gpg version from GnuPG 1.4 is able to make use of the -gpg-agent as included in GnuPG 2 and allows for seamless passphrase -caching. The advantage of GnuPG 1.4 is its smaller size and no -dependency on other modules at run and build time. +* DOCUMENTATION -HOW TO GET MORE INFORMATION -=========================== + The complete documentation is in the texinfo manual named + `gnupg.info'. Run "info gnupg" to read it. If you want a a + printable copy of the manual, change to the "doc" directory and + enter "make pdf" For a HTML version enter "make html" and point your + browser to gnupg.html/index.html. Standard man pages for all + components are provided as well. An online version of the manual is + available at http://www.gnupg.org/documentation/manuals/gnupg/ . A + version of the manual pertaining to the current development snapshot + is at http://www.gnupg.org/documentation/manuals/gnupg-devel/ . -The primary WWW page is "https://www.gnupg.org" - or using TOR "http://ic6au7wa3f6naxjq.onion" -The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" -See https://www.gnupg.org/download/mirrors.html for a list of mirrors -and use them if possible. You may also find GnuPG mirrored on some of -the regular GNU mirrors. +* GnuPG 1.4 and GnuPG 2.0 -We have some mailing lists dedicated to GnuPG: + GnuPG 2.0 is a newer version of GnuPG with additional support for + S/MIME. It has a different design philosophy that splits + functionality up into several modules. Both versions may be + installed simultaneously without any conflict (gpg is called gpg2 in + GnuPG 2). In fact, the gpg version from GnuPG 1.4 is able to make + use of the gpg-agent as included in GnuPG 2 and allows for seamless + passphrase caching. The advantage of GnuPG 1.4 is its smaller size + and no dependency on other modules at run and build time. - gnupg-announce at gnupg.org For important announcements like new - versions and such stuff. This is a - moderated list and has very low traffic. - Do not post to this list. - gnupg-users at gnupg.org For general user discussion and - help (English). +* HOW TO GET MORE INFORMATION - gnupg-de at gnupg.org German speaking counterpart of - gnupg-users. + The primary WWW page is "https://www.gnupg.org" + or using TOR "http://ic6au7wa3f6naxjq.onion" + The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" - gnupg-ru at gnupg.org Russian speaking counterpart of - gnupg-users. + See https://www.gnupg.org/download/mirrors.html for a list of + mirrors and use them if possible. You may also find GnuPG mirrored + on some of the regular GNU mirrors. - gnupg-devel at gnupg.org GnuPG developers main forum. + We have some mailing lists dedicated to GnuPG: -You subscribe to one of the list by sending mail with a subject of -"subscribe" to x-request at gnupg.org, where x is the name of the mailing -list (gnupg-announce, gnupg-users, etc.). An archive of the mailing -lists are available at http://www.gnupg.org/documentation/mailing-lists.html + gnupg-announce at gnupg.org For important announcements like new + versions and such stuff. This is a + moderated list and has very low traffic. + Do not post to this list. -Please direct bug reports to http://bugs.gnupg.org or post them direct -to the mailing list . + gnupg-users at gnupg.org For general user discussion and + help (English). -Please direct questions about GnuPG to the users mailing list or one -of the pgp newsgroups; please do not direct questions to one of the -authors directly as we are busy working on improvements and bug fixes. -The English and German mailing lists are watched by the authors and we -try to answer questions when time allows us to do so. + gnupg-de at gnupg.org German speaking counterpart of + gnupg-users. -Commercial grade support for GnuPG is available; for a listing of -offers see https://www.gnupg.org/service.html . Maintaining and -improving GnuPG is costly. Since 2001, g10 Code GmbH, a German -company owned and headed by GnuPG's principal author Werner Koch, is -bearing the majority of these costs. To help them carry on this work, -they need your support. See https://gnupg.org/donate/ . - - This file is Free Software; as a special exception the authors gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. For conditions - of the whole package, please see the file COPYING. This file is - distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY, to the extent permitted by law; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + gnupg-ru at gnupg.org Russian speaking counterpart of + gnupg-users. + + gnupg-devel at gnupg.org GnuPG developers main forum. + + You subscribe to one of the list by sending mail with a subject of + "subscribe" to x-request at gnupg.org, where x is the name of the + mailing list (gnupg-announce, gnupg-users, etc.). See + https://www.gnupg.org/documentation/mailing-lists.html for archives + of the mailing lists. + + Please direct bug reports to http://bugs.gnupg.org or post them + direct to the mailing list . + + Please direct questions about GnuPG to the users mailing list or one + of the PGP newsgroups; please do not direct questions to one of the + authors directly as we are busy working on improvements and bug + fixes. The English and German mailing lists are watched by the + authors and we try to answer questions when time allows us. + + Commercial grade support for GnuPG is available; for a listing of + offers see https://www.gnupg.org/service.html . Maintaining and + improving GnuPG is costly. Since 2001, g10 Code GmbH, a German + company owned and headed by GnuPG's principal author Werner Koch, is + bearing the majority of these costs. To help them carry on this + work, they need your support. See https://gnupg.org/donate/ . + + +# This file is Free Software; as a special exception the authors gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. For conditions +# of the whole package, please see the file COPYING. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Local Variables: +# mode:org +# End: diff --git a/doc/gpg.texi b/doc/gpg.texi index b8c4ab1..0472a4a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3159,12 +3159,13 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/openpgp-revocs.d/ This is the directory where gpg stores pre-generated revocation - certificates. It is suggested to backup those certificates and if the - primary private key is not stored on the disk to move them to an - external storage device. Anyone who can access theses files is able to - revoke the corresponding key. You may want to print them out. You - should backup all files in this directory and take care to keep this - backup closed away. + certificates. The file name corresponds to the OpenPGP fingerprint of + the respective key. It is suggested to backup those certificates and + if the primary private key is not stored on the disk to move them to + an external storage device. Anyone who can access theses files is + able to revoke the corresponding key. You may want to print them out. + You should backup all files in this directory and take care to keep + this backup closed away. @item /usr[/local]/share/gnupg/options.skel The skeleton options file. commit fb223be97b01e2ac7993e10da2bad65c1a08cbd1 Author: Werner Koch Date: Thu Sep 18 16:00:34 2014 +0200 Register DCO for Daniel Kahn Gillmor. -- diff --git a/AUTHORS b/AUTHORS index a826e02..feede06 100644 --- a/AUTHORS +++ b/AUTHORS @@ -170,6 +170,9 @@ Andreas Schwier Christian Aistleitner 2013-05-26:20130626112332.GA2228 at quelltextlich.at: +Daniel Kahn Gillmor +2014-09-24:87oau6w9q7.fsf at alice.fifthhorseman.net: + Hans of Guardian 2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574 at guardianproject.info: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 + README | 310 ++++++++++++++++++++++++++------------------------ build-aux/getswdb.sh | 4 +- doc/gpg.texi | 13 ++- 4 files changed, 174 insertions(+), 156 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 25 08:51:04 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 25 Sep 2014 08:51:04 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.1-2-g6692de1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 6692de1398629061d405099bb22e9480475928af (commit) from 1fb7a2ddffcdb94bdd37521f46e69d530afd94f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6692de1398629061d405099bb22e9480475928af Author: Werner Koch Date: Thu Sep 25 08:50:53 2014 +0200 Strip CRs while building the oid translation table. * tests/Makefile.am (oidtranstbl.h): Strip CRs diff --git a/tests/Makefile.am b/tests/Makefile.am index ae2ad4e..bb32172 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -59,6 +59,6 @@ oidtranstbl.h: Makefile mkoidtbl.awk for i in /etc/dumpasn1 /usr/local/bin /usr/local/share /usr/bin \ /usr/share ; do \ if test -f $$i/dumpasn1.cfg; then f=$$i/dumpasn1.cfg; break; fi; \ - done; $(AWK) -f $(srcdir)/mkoidtbl.awk $$f >$@ + done; tr -d '\r' <$$f | $(AWK) -f $(srcdir)/mkoidtbl.awk >$@ LOG_COMPILER = $(VALGRIND) ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 25 22:14:47 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 25 Sep 2014 22:14:47 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-13-g20c6da5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 20c6da50d4f6264d26d113d7de606971f719a0ca (commit) via 371c2b14b0347209efd23b4e54e1981a12d7aeab (commit) from 26592fbef392469d60a49b8c29db8c0fb074ff78 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 20c6da50d4f6264d26d113d7de606971f719a0ca Author: Werner Koch Date: Thu Sep 25 22:13:03 2014 +0200 gpg: Do not always print dashes in obsolete_option. * g10/gpg.c (main): Pass option names to obsolete_option without double dash. * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double dash only for command line options. diff --git a/g10/gpg.c b/g10/gpg.c index 4bb8ef6..95a78d5 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -531,10 +531,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")), - ARGPARSE_s_n (oUseAgent, "use-agent", "@"), - ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"), - ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"), - ARGPARSE_s_n (oBatch, "batch", "@"), ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_s_n (oAnswerNo, "no", "@"), @@ -793,6 +789,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"), /* Dummy options with warnings. */ + ARGPARSE_s_n (oUseAgent, "use-agent", "@"), + ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"), + ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"), ARGPARSE_s_s (oReaderPort, "reader-port", "@"), ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"), ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"), @@ -2354,28 +2353,24 @@ main (int argc, char **argv) case oUseAgent: /* Dummy. */ break; + case oNoUseAgent: - obsolete_option (configname, configlineno, "--no-use-agent"); + obsolete_option (configname, configlineno, "no-use-agent"); break; case oGpgAgentInfo: - obsolete_option (configname, configlineno, "--gpg-agent-info"); + obsolete_option (configname, configlineno, "gpg-agent-info"); break; - case oReaderPort: - obsolete_scdaemon_option (configname, configlineno, - "--reader-port"); + obsolete_scdaemon_option (configname, configlineno, "reader-port"); break; case octapiDriver: - obsolete_scdaemon_option (configname, configlineno, - "--ctapi-driver"); + obsolete_scdaemon_option (configname, configlineno, "ctapi-driver"); break; case opcscDriver: - obsolete_scdaemon_option (configname, configlineno, - "--pcsc-driver"); + obsolete_scdaemon_option (configname, configlineno, "pcsc-driver"); break; case oDisableCCID: - obsolete_scdaemon_option (configname, configlineno, - "--disable-ccid"); + obsolete_scdaemon_option (configname, configlineno, "disable-ccid"); break; case oAnswerYes: opt.answer_yes = 1; break; diff --git a/g10/misc.c b/g10/misc.c index fa04387..76faa49 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1038,8 +1038,8 @@ obsolete_option (const char *configname, unsigned int configlineno, log_info (_("%s:%u: obsolete option \"%s\" - it has no effect\n"), configname, configlineno, name); else - log_info (_("WARNING: \"%s\" is an obsolete option - it has no effect\n"), - name); + log_info (_("WARNING: \"%s%s\" is an obsolete option - it has no effect\n"), + "--", name); } @@ -1052,8 +1052,9 @@ obsolete_scdaemon_option (const char *configname, unsigned int configlineno, " - it only has effect in %s\n"), configname, configlineno, name, SCDAEMON_NAME EXTSEP_S "conf"); else - log_info (_("WARNING: \"%s\" is an obsolete option" - " - it has no effect except on %s\n"), name, SCDAEMON_NAME); + log_info (_("WARNING: \"%s%s\" is an obsolete option" + " - it has no effect except on %s\n"), + "--", name, SCDAEMON_NAME); } commit 371c2b14b0347209efd23b4e54e1981a12d7aeab Author: Daniel Kahn Gillmor Date: Thu Sep 25 14:45:37 2014 -0400 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 - Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk diff --git a/g10/gpg.c b/g10/gpg.c index a9d248d..4bb8ef6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -366,6 +366,10 @@ enum cmd_and_opt_values oKeyidFormat, oExitOnStatusWriteError, oLimitCardInsertTries, + oReaderPort, + octapiDriver, + opcscDriver, + oDisableCCID, oRequireCrossCert, oNoRequireCrossCert, oAutoKeyLocate, @@ -788,6 +792,12 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"), ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"), + /* Dummy options with warnings. */ + ARGPARSE_s_s (oReaderPort, "reader-port", "@"), + ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"), + ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"), + ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"), + /* Dummy options. */ ARGPARSE_s_n (oNoop, "sk-comments", "@"), ARGPARSE_s_n (oNoop, "no-sk-comments", "@"), @@ -2351,6 +2361,23 @@ main (int argc, char **argv) obsolete_option (configname, configlineno, "--gpg-agent-info"); break; + case oReaderPort: + obsolete_scdaemon_option (configname, configlineno, + "--reader-port"); + break; + case octapiDriver: + obsolete_scdaemon_option (configname, configlineno, + "--ctapi-driver"); + break; + case opcscDriver: + obsolete_scdaemon_option (configname, configlineno, + "--pcsc-driver"); + break; + case oDisableCCID: + obsolete_scdaemon_option (configname, configlineno, + "--disable-ccid"); + break; + case oAnswerYes: opt.answer_yes = 1; break; case oAnswerNo: opt.answer_no = 1; break; case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; diff --git a/g10/main.h b/g10/main.h index 44c4478..ad528b4 100644 --- a/g10/main.h +++ b/g10/main.h @@ -136,6 +136,8 @@ void deprecated_warning(const char *configname,unsigned int configlineno, void deprecated_command (const char *name); void obsolete_option (const char *configname, unsigned int configlineno, const char *name); +void obsolete_scdaemon_option (const char *configname, + unsigned int configlineno, const char *name); int string_to_cipher_algo (const char *string); int string_to_digest_algo (const char *string); diff --git a/g10/misc.c b/g10/misc.c index 54c2f89..fa04387 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1043,6 +1043,20 @@ obsolete_option (const char *configname, unsigned int configlineno, } +void +obsolete_scdaemon_option (const char *configname, unsigned int configlineno, + const char *name) +{ + if (configname) + log_info (_("%s:%u: \"%s\" is obsolete in this file" + " - it only has effect in %s\n"), + configname, configlineno, name, SCDAEMON_NAME EXTSEP_S "conf"); + else + log_info (_("WARNING: \"%s\" is an obsolete option" + " - it has no effect except on %s\n"), name, SCDAEMON_NAME); +} + + /* * Wrapper around gcry_cipher_map_name to provide a fallback using the * "Sn" syntax as used by the preference strings. ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 34 ++++++++++++++++++++++++++++------ g10/main.h | 2 ++ g10/misc.c | 19 +++++++++++++++++-- 3 files changed, 47 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Sep 25 22:28:58 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 25 Sep 2014 22:28:58 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-5-gc76117f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab (commit) from 07006c9916ea194ce6047d252421c08489068c4c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab Author: Daniel Kahn Gillmor Date: Thu Sep 25 14:45:37 2014 -0400 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -- In gpg2, the following options are only relevant for scdaemon: reader-port ctapi-driver pcsc-driver disable-ccid but in gpg1, they are options for gpg itself. Some users of gpg1 might have these options in their ~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that config file. gpg2 should not fail hard, though giving a warning (and suggesting a move to scdaemon.conf) seems OK. This patch does *not* reintroduce any documentation for these options in gpg.texi, even to indicate that they are "dummy" options, since scdaemon.texi contains the appropriate documentation. Debian-bug-id: 762844 Program names factored out from obsolete_scdaemon_option to make reuse without new translations easier. -wk This is a backport of commit 371c2b14b0347209efd23b4e54e1981a12d7aeab with parts of 20c6da50d4f6264d26d113d7de606971f719a0ca but without those which would change existing translated strings. -wk diff --git a/g10/gpg.c b/g10/gpg.c index 1a8e6e7..12d4295 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -358,6 +358,10 @@ enum cmd_and_opt_values oKeyidFormat, oExitOnStatusWriteError, oLimitCardInsertTries, + oReaderPort, + octapiDriver, + opcscDriver, + oDisableCCID, oRequireCrossCert, oNoRequireCrossCert, oAutoKeyLocate, @@ -506,10 +510,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")), - ARGPARSE_s_n (oUseAgent, "use-agent", "@"), - ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"), - ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"), - ARGPARSE_s_n (oBatch, "batch", "@"), ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_s_n (oAnswerNo, "no", "@"), @@ -761,6 +761,21 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"), ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"), + /* Dummy options with warnings. */ + ARGPARSE_s_n (oUseAgent, "use-agent", "@"), + ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"), + ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"), + ARGPARSE_s_s (oReaderPort, "reader-port", "@"), + ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"), + ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"), + ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"), + + /* Dummy options. */ + ARGPARSE_s_n (oNoop, "sk-comments", "@"), + ARGPARSE_s_n (oNoop, "no-sk-comments", "@"), + ARGPARSE_s_n (oNoop, "compress-keys", "@"), + ARGPARSE_s_n (oNoop, "compress-sigs", "@"), + ARGPARSE_end () }; @@ -2239,6 +2254,19 @@ main (int argc, char **argv) obsolete_option (configname, configlineno, "--gpg-agent-info"); break; + case oReaderPort: + obsolete_scdaemon_option (configname, configlineno, "reader-port"); + break; + case octapiDriver: + obsolete_scdaemon_option (configname, configlineno, "ctapi-driver"); + break; + case opcscDriver: + obsolete_scdaemon_option (configname, configlineno, "pcsc-driver"); + break; + case oDisableCCID: + obsolete_scdaemon_option (configname, configlineno, "disable-ccid"); + break; + case oAnswerYes: opt.answer_yes = 1; break; case oAnswerNo: opt.answer_no = 1; break; case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; diff --git a/g10/main.h b/g10/main.h index 9904820..226898d 100644 --- a/g10/main.h +++ b/g10/main.h @@ -118,6 +118,8 @@ void deprecated_warning(const char *configname,unsigned int configlineno, void deprecated_command (const char *name); void obsolete_option (const char *configname, unsigned int configlineno, const char *name); +void obsolete_scdaemon_option (const char *configname, + unsigned int configlineno, const char *name); int string_to_cipher_algo (const char *string); int string_to_digest_algo (const char *string); diff --git a/g10/misc.c b/g10/misc.c index 43ea0d2..ef03776 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -851,6 +851,20 @@ obsolete_option (const char *configname, unsigned int configlineno, } +void +obsolete_scdaemon_option (const char *configname, unsigned int configlineno, + const char *name) +{ + if (configname) + log_info (_("%s:%u: \"%s%s\" is obsolete in this file" + " - it only has effect in %s\n"), + configname, configlineno, name, "--", "scdaemon.conf"); + else + log_info (_("WARNING: \"%s%s\" is an obsolete option" + " - it has no effect except on %s\n"), "--", name, "scdaemon"); +} + + /* * Wrapper around gcry_cipher_map_name to provide a fallback using the * "Sn" syntax as used by the preference strings. ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 36 ++++++++++++++++++++++++++++++++---- g10/main.h | 2 ++ g10/misc.c | 14 ++++++++++++++ 3 files changed, 48 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 26 14:47:09 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 26 Sep 2014 14:47:09 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-14-g7ff4ea2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec (commit) from 20c6da50d4f6264d26d113d7de606971f719a0ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec Author: Werner Koch Date: Fri Sep 26 14:43:48 2014 +0200 gpg: Add shortcut for setting key capabilities. * g10/keygen.c (ask_key_flags): Add shortcut '='. * doc/help.txt (gpg.keygen.flags): New. diff --git a/doc/help.txt b/doc/help.txt index 36b993d..f545c2b 100644 --- a/doc/help.txt +++ b/doc/help.txt @@ -7,12 +7,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -27,7 +27,7 @@ # /usr/share/gnupg/help.LL_TT.txt # /usr/share/gnupg/help.LL.txt # /usr/share/gnupg/help.txt -# +# # Here LL_TT denotes the full name of the current locale with the # territory (.e.g. "de_DE"), LL denotes just the locale name # (e.g. "de"). The first matching item is returned. To put a dot or @@ -44,7 +44,7 @@ # the users about the configured passphrase constraints and save that # to /etc/gnupg/help.txt. The help text should not be longer than # about 800 characters. -This bar indicates the quality of the passphrase entered above. +This bar indicates the quality of the passphrase entered above. As long as the bar is shown in red, GnuPG considers the passphrase too weak to accept. Please ask your administrator for details about the @@ -55,7 +55,7 @@ configured passphrase constraints. .gnupg.agent-problem # There was a problem accessing or starting the agent. It was either not possible to connect to a running Gpg-Agent or a -communication problem with a running agent occurred. +communication problem with a running agent occurred. The system uses a background process, called Gpg-Agent, for processing private keys and to ask for passphrases. The agent is usually started @@ -74,7 +74,7 @@ administrator anyway because this indicates a bug in the software. .gnupg.dirmngr-problem # There was a problen accessing the dirmngr. It was either not possible to connect to a running Dirmngr or a -communication problem with a running Dirmngr occurred. +communication problem with a running Dirmngr occurred. To lookup certificate revocation lists (CRLs), performing OCSP validation and to lookup keys through LDAP servers, the system uses an @@ -134,13 +134,28 @@ Please consult your security expert first. . +.gpg.keygen.flags +Toggle the capabilities of the key. + +It is only possible to toggle those capabilities which are possible +for the selected algorithm. + +To quickly set the capabilities all at once it is possible to enter a +'=' as first character followed by a list of letters indicating the +capability to set: 's' for signing, 'e' for encryption, and 'a' for +authentication. Invalid letters and impossible capabilities are +ignored. This submenu is immediately closed after using this +shortcut. +. + + .gpg.keygen.size -Enter the size of the key. +Enter the size of the key. The suggested default is usually a good choice. If you want to use a large key size, for example 4096 bit, please -think again whether it really makes sense for you. You may want +think again whether it really makes sense for you. You may want to view the web page http://www.xkcd.com/538/ . . @@ -167,7 +182,7 @@ Answer "yes" or "no". .gpg.keygen.name -Enter the name of the key holder. +Enter the name of the key holder. The characters "<" and ">" are not allowed. Example: Heinrich Heine . @@ -321,7 +336,7 @@ file (which is shown in brackets) will be used. . .gpg.ask_revocation_reason.code -# revoke.c (ask_revocation_reason) +# revoke.c (ask_revocation_reason) You should specify a reason for the certification. Depending on the context you have the ability to choose from this list: "Key has been compromised" diff --git a/g10/keygen.c b/g10/keygen.c index b6b50f6..4ec7f50 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1655,6 +1655,7 @@ ask_key_flags(int algo,int subkey) */ const char *togglers=_("SsEeAaQq"); char *answer=NULL; + const char *s; unsigned int current=0; unsigned int possible=openpgp_pk_algo_usage(algo); @@ -1701,7 +1702,22 @@ ask_key_flags(int algo,int subkey) answer = cpr_get("keygen.flags",_("Your selection? ")); cpr_kill_prompt(); - if(strlen(answer)>1) + if (*answer == '=') + { + /* Hack to allow direct entry of the capabilities. */ + current = 0; + for (s=answer+1; *s; s++) + { + if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG)) + current |= PUBKEY_USAGE_SIG; + else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC)) + current |= PUBKEY_USAGE_ENC; + else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH)) + current |= PUBKEY_USAGE_AUTH; + } + break; + } + else if (strlen(answer)>1) tty_printf(_("Invalid selection.\n")); else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7]) break; ----------------------------------------------------------------------- Summary of changes: doc/help.txt | 35 +++++++++++++++++++++++++---------- g10/keygen.c | 18 +++++++++++++++++- 2 files changed, 42 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Sep 26 14:47:18 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 26 Sep 2014 14:47:18 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-6-gb9b6ac9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via b9b6ac9d26848bfcbd703d7410f066f4aeb9e418 (commit) from c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b9b6ac9d26848bfcbd703d7410f066f4aeb9e418 Author: Werner Koch Date: Fri Sep 26 14:43:48 2014 +0200 gpg: Add shortcut for setting key capabilities. * g10/keygen.c (ask_key_flags): Add shortcut '='. * doc/help.txt (gpg.keygen.flags): New. diff --git a/doc/help.txt b/doc/help.txt index 36b993d..f545c2b 100644 --- a/doc/help.txt +++ b/doc/help.txt @@ -7,12 +7,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -27,7 +27,7 @@ # /usr/share/gnupg/help.LL_TT.txt # /usr/share/gnupg/help.LL.txt # /usr/share/gnupg/help.txt -# +# # Here LL_TT denotes the full name of the current locale with the # territory (.e.g. "de_DE"), LL denotes just the locale name # (e.g. "de"). The first matching item is returned. To put a dot or @@ -44,7 +44,7 @@ # the users about the configured passphrase constraints and save that # to /etc/gnupg/help.txt. The help text should not be longer than # about 800 characters. -This bar indicates the quality of the passphrase entered above. +This bar indicates the quality of the passphrase entered above. As long as the bar is shown in red, GnuPG considers the passphrase too weak to accept. Please ask your administrator for details about the @@ -55,7 +55,7 @@ configured passphrase constraints. .gnupg.agent-problem # There was a problem accessing or starting the agent. It was either not possible to connect to a running Gpg-Agent or a -communication problem with a running agent occurred. +communication problem with a running agent occurred. The system uses a background process, called Gpg-Agent, for processing private keys and to ask for passphrases. The agent is usually started @@ -74,7 +74,7 @@ administrator anyway because this indicates a bug in the software. .gnupg.dirmngr-problem # There was a problen accessing the dirmngr. It was either not possible to connect to a running Dirmngr or a -communication problem with a running Dirmngr occurred. +communication problem with a running Dirmngr occurred. To lookup certificate revocation lists (CRLs), performing OCSP validation and to lookup keys through LDAP servers, the system uses an @@ -134,13 +134,28 @@ Please consult your security expert first. . +.gpg.keygen.flags +Toggle the capabilities of the key. + +It is only possible to toggle those capabilities which are possible +for the selected algorithm. + +To quickly set the capabilities all at once it is possible to enter a +'=' as first character followed by a list of letters indicating the +capability to set: 's' for signing, 'e' for encryption, and 'a' for +authentication. Invalid letters and impossible capabilities are +ignored. This submenu is immediately closed after using this +shortcut. +. + + .gpg.keygen.size -Enter the size of the key. +Enter the size of the key. The suggested default is usually a good choice. If you want to use a large key size, for example 4096 bit, please -think again whether it really makes sense for you. You may want +think again whether it really makes sense for you. You may want to view the web page http://www.xkcd.com/538/ . . @@ -167,7 +182,7 @@ Answer "yes" or "no". .gpg.keygen.name -Enter the name of the key holder. +Enter the name of the key holder. The characters "<" and ">" are not allowed. Example: Heinrich Heine . @@ -321,7 +336,7 @@ file (which is shown in brackets) will be used. . .gpg.ask_revocation_reason.code -# revoke.c (ask_revocation_reason) +# revoke.c (ask_revocation_reason) You should specify a reason for the certification. Depending on the context you have the ability to choose from this list: "Key has been compromised" diff --git a/g10/keygen.c b/g10/keygen.c index 6d3dfa6..5841ad8 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1591,6 +1591,7 @@ ask_key_flags(int algo,int subkey) */ const char *togglers=_("SsEeAaQq"); char *answer=NULL; + const char *s; unsigned int current=0; unsigned int possible=openpgp_pk_algo_usage(algo); @@ -1637,7 +1638,22 @@ ask_key_flags(int algo,int subkey) answer = cpr_get("keygen.flags",_("Your selection? ")); cpr_kill_prompt(); - if(strlen(answer)>1) + if (*answer == '=') + { + /* Hack to allow direct entry of the capabilities. */ + current = 0; + for (s=answer+1; *s; s++) + { + if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG)) + current |= PUBKEY_USAGE_SIG; + else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC)) + current |= PUBKEY_USAGE_ENC; + else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH)) + current |= PUBKEY_USAGE_AUTH; + } + break; + } + else if (strlen(answer)>1) tty_printf(_("Invalid selection.\n")); else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7]) break; ----------------------------------------------------------------------- Summary of changes: doc/help.txt | 35 +++++++++++++++++++++++++---------- g10/keygen.c | 18 +++++++++++++++++- 2 files changed, 42 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 27 11:17:13 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 27 Sep 2014 11:17:13 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-15-gf16e76c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f16e76cfb8a1c872d1e01332b5d32022aa7b2fe8 (commit) from 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f16e76cfb8a1c872d1e01332b5d32022aa7b2fe8 Author: Werner Koch Date: Sat Sep 27 11:17:07 2014 +0200 doc: Update the file OpenPGP -- It should actually be completey reworked but for now I added just a few notes. diff --git a/doc/OpenPGP b/doc/OpenPGP index a511ad7..96223d7 100644 --- a/doc/OpenPGP +++ b/doc/OpenPGP @@ -1,9 +1,8 @@ GnuPG and OpenPGP ================= - See RFC2440 for a description of OpenPGP. We have an annotated version - of this RFC online: http://www.gnupg.org/rfc2440.html - + See RFC-4880 for a description of OpenPGP. These notes are older + than RFC-4880 and refer to the predecessor of the specs (RFC-2440). Compatibility Notes @@ -12,7 +11,9 @@ * (9.2) states that IDEA SHOULD be implemented. This is not done due to patent problems. - + UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6) + IDEA support has been added to allow decryption of old + PGP-2 encrypted material. All MAY features are implemented with this exception: @@ -28,17 +29,17 @@ A special format of partial packet length exists for v3 packets which can be considered to be in compliance with RFC1991; this format is only created if a special option is active. + UPDATE: This support has been removed with version 1.3.6. GnuPG uses a S2K mode of 101 for GNU extensions to the secret key protection algorithms. This number is not defined in OpenPGP, but - given the fact that this number is in a range which used at many - other places in OpenPGP for private/experimenat algorithm identifiers, - this should be not a so bad choice. The 3 bytes "GNU" are used - to identify this as a GNU extension - see the file DETAILS for a + given that this number is in a range which is used at many other + places in OpenPGP for private/experimental algorithm identifiers, + this should be not a too bad choice. The 3 bytes "GNU" are used to + identify this as a GNU extension - see the file DETAILS for a definition of the used data formats. - Some Notes on OpenPGP / PGP Compatibility: ========================================== @@ -104,5 +105,3 @@ The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. - - ----------------------------------------------------------------------- Summary of changes: doc/OpenPGP | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 27 15:30:35 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 27 Sep 2014 15:30:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-17-gd332467 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d33246700578cddd1cb8ed8164cfbba50aba4ef3 (commit) via f3625bb018fa8d5bc754f982996f8788386f0a9d (commit) from f16e76cfb8a1c872d1e01332b5d32022aa7b2fe8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d33246700578cddd1cb8ed8164cfbba50aba4ef3 Author: Werner Koch Date: Sat Sep 27 15:21:02 2014 +0200 gpg: Default to SHA-256 for all signature types on RSA keys. * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in strict RFC or PGP modes. * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for RSA key signatures. * configure.ac: Do not allow to disable sha256. diff --git a/configure.ac b/configure.ac index a2f07cb..c627c27 100644 --- a/configure.ac +++ b/configure.ac @@ -254,7 +254,7 @@ GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash]) # SHA1 is a MUSt algorithm GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash]) GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash]) -GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash]) +# SHA256 is a MUST algorithm for GnuPG. GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash]) GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash]) diff --git a/g10/main.h b/g10/main.h index 17a050d..76541c7 100644 --- a/g10/main.h +++ b/g10/main.h @@ -38,7 +38,7 @@ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES #endif -#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 +#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 #ifdef HAVE_ZIP # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP diff --git a/g10/sign.c b/g10/sign.c index c8139d7..bd78c17 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1499,7 +1499,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8); } else - digest_algo = DIGEST_ALGO_SHA1; + digest_algo = DEFAULT_DIGEST_ALGO; } if ( gcry_md_open (&md, digest_algo, 0 ) ) commit f3625bb018fa8d5bc754f982996f8788386f0a9d Author: Werner Koch Date: Sat Sep 27 15:14:13 2014 +0200 gpg: Simplify command --gen-key and add --full-gen-key. * g10/gpg.c (aFullKeygen): New. (opts): Add command --full-key-gen. (main): Implement it. * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although the value is identical. (DEFAULT_STD_CURVE): New. (DEFAULT_STD_SUBALGO): New. (DEFAULT_STD_SUBKEYSIZE): New. (DEFAULT_STD_SUBCURVE): New. (quick_generate_keypair): Use new macros here. (generate_keypair): Add arg "full" and fix call callers. Do not ask for keysize in non-full node. (ask_user_id): Add arg "full" and simplify for non-full mode. diff --git a/doc/gpg.texi b/doc/gpg.texi index 0472a4a..ea6851c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -622,12 +622,19 @@ force the creation of the key will show up. @item --gen-key @opindex gen-key -Generate a new key pair. This command is normally only used -interactively. +Generate a new key pair using teh current default parameters. This is +the standard command to create a new key. + at ifset gpgtwoone + at item --full-gen-key + at opindex gen-key +Generate a new key pair with dialogs for all options. This is an +extended version of @option{--gen-key}. + + at end ifset There is also a feature which allows you to create keys in batch -mode. See the file @file{doc/DETAILS} in the source distribution on -how to use this. +mode. See the the manual section ``Unattended key generation'' on how +to use this. @item --gen-revoke @code{name} @opindex gen-revoke diff --git a/g10/card-util.c b/g10/card-util.c index 84752eb..abf234f 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1440,7 +1440,7 @@ generate_card_keys (ctrl_t ctrl) the serialnumber and thus it won't harm. */ } - generate_keypair (ctrl, NULL, info.serialno, want_backup); + generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); leave: agent_release_card_info (&info); diff --git a/g10/gpg.c b/g10/gpg.c index 95a78d5..f586042 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -107,6 +107,7 @@ enum cmd_and_opt_values aClearsign, aStore, aQuickKeygen, + aFullKeygen, aKeygen, aSignEncr, aSignEncrSym, @@ -407,9 +408,12 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")), ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")), ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), - ARGPARSE_c (aQuickKeygen, "quick-gen-key" , + ARGPARSE_c (aKeygen, "gen-key", + N_("generate a new key pair")), + ARGPARSE_c (aQuickKeygen, "quick-gen-key" , N_("quickly generate a new key pair")), - ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), + ARGPARSE_c (aFullKeygen, "full-gen-key" , + N_("full featured key pair generation")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), ARGPARSE_c (aDeleteKeys,"delete-keys", N_("remove keys from the public keyring")), @@ -2307,6 +2311,7 @@ main (int argc, char **argv) break; case aKeygen: + case aFullKeygen: case aEditKey: case aDeleteSecretKeys: case aDeleteSecretAndPublicKeys: @@ -3564,6 +3569,7 @@ main (int argc, char **argv) case aDeleteSecretKeys: case aDeleteSecretAndPublicKeys: case aQuickKeygen: + case aFullKeygen: case aKeygen: case aImport: case aExportSecret: @@ -3859,12 +3865,27 @@ main (int argc, char **argv) if( opt.batch ) { if( argc > 1 ) wrong_args("--gen-key [parameterfile]"); - generate_keypair (ctrl, argc? *argv : NULL, NULL, 0); + generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); } else { if( argc ) wrong_args("--gen-key"); - generate_keypair (ctrl, NULL, NULL, 0); + generate_keypair (ctrl, 0, NULL, NULL, 0); + } + break; + + case aFullKeygen: /* Generate a key with all options. */ + if (opt.batch) + { + if (argc > 1) + wrong_args ("--full-gen-key [parameterfile]"); + generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0); + } + else + { + if (argc) + wrong_args("--full-gen-key"); + generate_keypair (ctrl, 1, NULL, NULL, 0); } break; diff --git a/g10/keygen.c b/g10/keygen.c index 4ec7f50..17d7ce1 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -47,8 +47,12 @@ /* The default algorithms. If you change them remember to change them also in gpg.c:gpgconf_list. You should also check that the value is inside the bounds enforced by ask_keysize and gen_xxx. */ -#define DEFAULT_STD_ALGO GCRY_PK_RSA -#define DEFAULT_STD_KEYSIZE 2048 +#define DEFAULT_STD_ALGO PUBKEY_ALGO_RSA +#define DEFAULT_STD_KEYSIZE 2048 +#define DEFAULT_STD_CURVE NULL +#define DEFAULT_STD_SUBALGO PUBKEY_ALGO_RSA +#define DEFAULT_STD_SUBKEYSIZE 2048 +#define DEFAULT_STD_SUBCURVE NULL /* Flag bits used during key generation. */ #define KEYGEN_FLAG_NO_PROTECTION 1 @@ -2435,9 +2439,9 @@ uid_from_string (const char *string) /* Ask for a user ID. With a MODE of 1 an extra help prompt is printed for use during a new key creation. If KEYBLOCK is not NULL the function prevents the creation of an already existing user - ID. */ + ID. IF FULL is not set some prompts are not shown. */ static char * -ask_user_id (int mode, KBNODE keyblock) +ask_user_id (int mode, int full, KBNODE keyblock) { char *answer; char *aname, *acomment, *amail, *uid; @@ -2447,7 +2451,7 @@ ask_user_id (int mode, KBNODE keyblock) /* TRANSLATORS: This is the new string telling the user what gpg is now going to do (i.e. ask for the parts of the user ID). Note that if you do not translate this string, a - different string will be used used, which might still have + different string will be used, which might still have a correct translation. */ const char *s1 = N_("\n" @@ -2515,7 +2519,8 @@ ask_user_id (int mode, KBNODE keyblock) break; } } - if( !acomment ) { + if (!acomment) { + if (full) { for(;;) { xfree(acomment); acomment = cpr_get("keygen.comment",_("Comment: ")); @@ -2528,6 +2533,11 @@ ask_user_id (int mode, KBNODE keyblock) else break; } + } + else { + xfree (acomment); + acomment = xstrdup (""); + } } @@ -2596,11 +2606,17 @@ ask_user_id (int mode, KBNODE keyblock) answer = xstrdup (ansstr + (fail?8:6)); answer[1] = 0; } - else { + else if (full) { answer = cpr_get("keygen.userid.cmd", fail? _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); cpr_kill_prompt(); + } + else { + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (E)mail, or (Q)uit? ") : + _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? ")); + cpr_kill_prompt(); } if( strlen(answer) > 1 ) ; @@ -2745,7 +2761,7 @@ generate_user_id (KBNODE keyblock) { char *p; - p = ask_user_id (1, keyblock); + p = ask_user_id (1, 1, keyblock); if (!p) return NULL; /* Canceled. */ return uid_from_string (p); @@ -2822,7 +2838,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key, i = atoi( r->u.value ); else if (!strcmp (r->u.value, "ELG-E") || !strcmp (r->u.value, "ELG")) - i = GCRY_PK_ELG_E; + i = PUBKEY_ALGO_ELGAMAL_E; else i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value)); @@ -3528,10 +3544,12 @@ quick_generate_keypair (const char *uid) } } - para = quickgen_set_para (para, 0, PUBKEY_ALGO_RSA, 2048, NULL); - para = quickgen_set_para (para, 1, PUBKEY_ALGO_RSA, 2048, NULL); - /* para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519"); */ - /* para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519"); */ + para = quickgen_set_para (para, 0, + DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, + DEFAULT_STD_CURVE); + para = quickgen_set_para (para, 1, + DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, + DEFAULT_STD_SUBCURVE); proc_parameter_file (para, "[internal]", &outctrl, 0); leave: @@ -3544,11 +3562,13 @@ quick_generate_keypair (const char *uid) * CARD_SERIALNO is not NULL the function will create the keys on an * OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is * NOT NULL, the encryption key for the card is generated on the host, - * imported to the card and a backup file created by gpg-agent. + * imported to the card and a backup file created by gpg-agent. If + * FULL is not set only the basic prompts are used (except for batch + * mode). */ void -generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, - int card_backup_key) +generate_keypair (ctrl_t ctrl, int full, const char *fname, + const char *card_serialno, int card_backup_key) { unsigned int nbits; char *uid = NULL; @@ -3628,7 +3648,7 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, } #endif /*ENABLE_CARD_SUPPORT*/ } - else + else if (full) /* Full featured key generation. */ { int subkey_algo; char *curve = NULL; @@ -3764,34 +3784,47 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, xfree (curve); } + else /* Default key generation. */ + { + tty_printf ( _("Note: Use \"%s %s\"" + " for a full featured key generation dialog.\n"), + GPG_NAME, "--full-gen-key" ); + para = quickgen_set_para (para, 0, + DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE, + DEFAULT_STD_CURVE); + para = quickgen_set_para (para, 1, + DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE, + DEFAULT_STD_SUBCURVE); + } + - expire = ask_expire_interval(0,NULL); - r = xmalloc_clear( sizeof *r + 20 ); + expire = full? ask_expire_interval (0, NULL) : 0; + r = xcalloc (1, sizeof *r + 20); r->key = pKEYEXPIRE; r->u.expire = expire; r->next = para; para = r; - r = xmalloc_clear( sizeof *r + 20 ); + r = xcalloc (1, sizeof *r + 20); r->key = pSUBKEYEXPIRE; r->u.expire = expire; r->next = para; para = r; - uid = ask_user_id (0, NULL); - if( !uid ) + uid = ask_user_id (0, full, NULL); + if (!uid) { log_error(_("Key generation canceled.\n")); release_parameter_list( para ); return; } - r = xmalloc_clear( sizeof *r + strlen(uid) ); + r = xcalloc (1, sizeof *r + strlen (uid)); r->key = pUSERID; - strcpy( r->u.value, uid ); + strcpy (r->u.value, uid); r->next = para; para = r; - proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno); - release_parameter_list( para ); + proc_parameter_file (para, "[internal]", &outctrl, !!card_serialno); + release_parameter_list (para); } diff --git a/g10/main.h b/g10/main.h index ad528b4..17a050d 100644 --- a/g10/main.h +++ b/g10/main.h @@ -259,7 +259,7 @@ u32 parse_expire_string(const char *string); u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); void quick_generate_keypair (const char *uid); -void generate_keypair (ctrl_t ctrl, const char *fname, +void generate_keypair (ctrl_t ctrl, int full, const char *fname, const char *card_serialno, int card_backup_key); int keygen_set_std_prefs (const char *string,int personal); PKT_user_id *keygen_get_std_prefs (void); ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- doc/gpg.texi | 15 +++++++--- g10/card-util.c | 2 +- g10/gpg.c | 29 ++++++++++++++++--- g10/keygen.c | 85 ++++++++++++++++++++++++++++++++++++++----------------- g10/main.h | 4 +-- g10/sign.c | 2 +- 7 files changed, 100 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Sep 27 15:37:28 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 27 Sep 2014 15:37:28 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-8-g36179da Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 36179da032fa43d82042b3d31ed175d17b8e9bc4 (commit) via ba2b8c20ee68f7ee3e7a58f7c3449d94004131d8 (commit) from b9b6ac9d26848bfcbd703d7410f066f4aeb9e418 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 36179da032fa43d82042b3d31ed175d17b8e9bc4 Author: Werner Koch Date: Sat Sep 27 15:21:02 2014 +0200 gpg: Default to SHA-256 for all signature types on RSA keys. * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in strict RFC or PGP modes. * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for RSA key signatures. -- (Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3) diff --git a/g10/main.h b/g10/main.h index 226898d..4cf2cc7 100644 --- a/g10/main.h +++ b/g10/main.h @@ -33,7 +33,7 @@ issues of speed and size come into play here. */ #define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 -#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 +#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) #define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 diff --git a/g10/sign.c b/g10/sign.c index 0de3321..e7e79cc 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1425,7 +1425,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, else if(sk->pubkey_algo==PUBKEY_ALGO_DSA) digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8); else - digest_algo = DIGEST_ALGO_SHA1; + digest_algo = DEFAULT_DIGEST_ALGO; } if ( gcry_md_open (&md, digest_algo, 0 ) ) commit ba2b8c20ee68f7ee3e7a58f7c3449d94004131d8 Author: Werner Koch Date: Sat Sep 27 11:17:07 2014 +0200 doc: Update the file OpenPGP -- It should actually be completey reworked but for now I added just a few notes. diff --git a/doc/OpenPGP b/doc/OpenPGP index a511ad7..96223d7 100644 --- a/doc/OpenPGP +++ b/doc/OpenPGP @@ -1,9 +1,8 @@ GnuPG and OpenPGP ================= - See RFC2440 for a description of OpenPGP. We have an annotated version - of this RFC online: http://www.gnupg.org/rfc2440.html - + See RFC-4880 for a description of OpenPGP. These notes are older + than RFC-4880 and refer to the predecessor of the specs (RFC-2440). Compatibility Notes @@ -12,7 +11,9 @@ * (9.2) states that IDEA SHOULD be implemented. This is not done due to patent problems. - + UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6) + IDEA support has been added to allow decryption of old + PGP-2 encrypted material. All MAY features are implemented with this exception: @@ -28,17 +29,17 @@ A special format of partial packet length exists for v3 packets which can be considered to be in compliance with RFC1991; this format is only created if a special option is active. + UPDATE: This support has been removed with version 1.3.6. GnuPG uses a S2K mode of 101 for GNU extensions to the secret key protection algorithms. This number is not defined in OpenPGP, but - given the fact that this number is in a range which used at many - other places in OpenPGP for private/experimenat algorithm identifiers, - this should be not a so bad choice. The 3 bytes "GNU" are used - to identify this as a GNU extension - see the file DETAILS for a + given that this number is in a range which is used at many other + places in OpenPGP for private/experimental algorithm identifiers, + this should be not a too bad choice. The 3 bytes "GNU" are used to + identify this as a GNU extension - see the file DETAILS for a definition of the used data formats. - Some Notes on OpenPGP / PGP Compatibility: ========================================== @@ -104,5 +105,3 @@ The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. - - ----------------------------------------------------------------------- Summary of changes: doc/OpenPGP | 21 ++++++++++----------- g10/main.h | 2 +- g10/sign.c | 2 +- 3 files changed, 12 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 29 11:30:14 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 29 Sep 2014 11:30:14 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-10-g2889a70 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 2889a70c102271a1b6ff529bafb6748c4e773014 (commit) via 3209f270d236fae588edaab3d48fe707eb25641c (commit) via ad30b2a4ae06a51f747bbd8a3c0985333295f8c6 (commit) from cd53cdbc3774fb193bdebcdc5d7019ddebc16dbc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2889a70c102271a1b6ff529bafb6748c4e773014 Author: Werner Koch Date: Mon Sep 29 11:28:55 2014 +0200 doc: Cleanup gpg.texi. -- We don't need the gpgone and gpgtwoone macros anymore. diff --git a/doc/Makefile.am b/doc/Makefile.am index a31f257..9fd9f6b 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -46,7 +46,7 @@ DISTCLEANFILES = yat2m yat2m-stamp.tmp yat2m-stamp $(myman_pages) AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css -D gpgone YAT2M_OPTIONS = -I $(srcdir) -D gpgone \ - --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" + --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 1.4" yat2m: Makefile yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c diff --git a/doc/gpg.texi b/doc/gpg.texi index ea6851c..ded69ce 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3,11 +3,6 @@ @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. - at c Note that we use this texinfo file for all versions of GnuPG: 1.4.x, - at c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid - at c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only - at c valid for GnupG 2.1 and later. - @node Invoking GPG @chapter Invoking GPG @cindex GPG command options @@ -16,19 +11,11 @@ @c Begin algorithm defaults - at ifclear gpgtwoone @set DEFSYMENCALGO CAST5 - at end ifclear - - at ifset gpgtwoone - at set DEFSYMENCALGO AES128 - at end ifset @c End algorithm defaults - at c Begin GnuPG 1.x specific stuff - at ifset gpgone @macro gpgname gpg @end macro @@ -49,63 +36,20 @@ gpg .I command .RI [ args ] @end ifset - at end ifset - at c End GnuPG 1.x specific stuff - - at c Begin GnuPG 2 specific stuff - at ifclear gpgone - at macro gpgname -gpg2 - at end macro - at manpage gpg2.1 - at ifset manverb -.B gpg2 -\- OpenPGP encryption and signing tool - at end ifset - - at mansect synopsis - at ifset manverb -.B gpg2 -.RB [ \-\-homedir -.IR dir ] -.RB [ \-\-options -.IR file ] -.RI [ options ] -.I command -.RI [ args ] - at end ifset - at end ifclear - at c Begin GnuPG 2 specific stuff @mansect description - at command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It -is a tool to provide digital encryption and signing services using the -OpenPGP standard. @command{@gpgname} features complete key management and -all bells and whistles you can expect from a decent OpenPGP -implementation. + at command{@gpgname} is the OpenPGP only version of the GNU Privacy +Guard (GnuPG). It is a tool to provide digital encryption and signing +services using the OpenPGP standard. @command{@gpgname} features +complete key management and all bells and whistles you can expect from +a decent OpenPGP implementation. - at ifset gpgone This is the standalone version of @command{gpg}. For desktop use you -should consider using @command{gpg2} @footnote{On some platforms gpg2 is -installed under the name @command{gpg}}. - at end ifset - - at ifclear gpgone -In contrast to the standalone version @command{gpg}, which is more -suited for server and embedded platforms, this version is commonly -installed under the name @command{gpg2} and more targeted to the desktop -as it requires several other modules to be installed. The standalone -version will be kept maintained and it is possible to install both -versions on the same system. If you need to use different configuration -files, you should make use of something like @file{gpg.conf-2} instead -of just @file{gpg.conf}. - at end ifclear +should consider using @command{gpg2} from the GnuPG-2 package + at footnote{On some platforms gpg2 is installed under the name + at command{gpg}}. @manpause - at ifclear gpgone -Documentation for the old standard @command{gpg} is available as a man -page and at @inforef{Top,GnuPG 1,gpg}. - at end ifclear @xref{Option Index}, for an index to @command{@gpgname}'s commands and options. @mancont @@ -300,12 +244,11 @@ Identical to @option{--multifile --decrypt}. @opindex list-keys List all keys from the public keyrings, or just the keys given on the command line. - at ifset gpgone + @option{-k} is slightly different from @option{--list-keys} in that it allows only for one argument and takes the second argument as the keyring to search. This is for command line compatibility with PGP 2 and has been removed in @command{gpg2}. - at end ifset Avoid using the output of this command in scripts or other programs as it is likely to change as GnuPG changes. See @option{--with-colons} for a @@ -323,10 +266,6 @@ secret key is not usable (for example, if it was created via @item --list-sigs @opindex list-sigs Same as @option{--list-keys}, but the signatures are listed too. - at ifclear gpgone -This command has the same effect as -using @option{--list-keys} with @option{--with-sig-list}. - at end ifclear For each signature listed, there are several flags in between the "sig" tag and keyid. These flags give additional information about each @@ -346,10 +285,6 @@ command "tsign"). Same as @option{--list-sigs}, but the signatures are verified. Note that for performance reasons the revocation status of a signing key is not shown. - at ifclear gpgone -This command has the same effect as -using @option{--list-keys} with @option{--with-sig-check}. - at end ifclear The status of the verification is indicated by a flag directly following the "sig" tag (and thus before the flags described above for @@ -358,16 +293,6 @@ successfully verified, a "-" denotes a bad signature and a "%" is used if an error occurred while checking the signature (e.g. a non supported algorithm). - at ifclear gpgone - at item --locate-keys - at opindex locate-keys -Locate the keys given as arguments. This command basically uses the -same algorithm as used when locating keys for encryption or signing and -may thus be used to see what keys @command{@gpgname} might use. In -particular external methods as defined by @option{--auto-key-locate} may -be used to locate a key. Only public keys are listed. - at end ifclear - @item --fingerprint @opindex fingerprint @@ -453,15 +378,8 @@ an additional signing subkey on a dedicated machine and then using this command to export the key without the primary key to the main machine. - at ifset gpgtwoone -GnuPG may ask you to enter the passphrase for the key. This is -required because the internal protection method of the secret key is -different from the one specified by the OpenPGP protocol. - at end ifset - at ifclear gpgtwoone See the option @option{--simple-sk-checksum} if you want to import an exported secret key into ancient OpenPGP implementations. - at end ifclear @item --import @itemx --fast-import @@ -605,33 +523,11 @@ This section explains the main commands for key management @table @gnupgtabopt - at ifset gpgtwoone - at item --quick-gen-key @code{user-id} - at opindex quick-gen-key -This is simple command to generate a standard key with one user id. -In contrast to @option{--gen-key} the key is generated directly -without the need to answer a bunch of prompts. Unless the option - at option{--yes} is given, the key creation will be canceled if the -given user id already exists in the key ring. - -If invoked directly on the console without any special options an -answer to a ``Continue?'' style confirmation prompt is required. In -case the user id already exists in the key ring a second prompt to -force the creation of the key will show up. - at end ifset - @item --gen-key @opindex gen-key Generate a new key pair using teh current default parameters. This is the standard command to create a new key. - at ifset gpgtwoone - at item --full-gen-key - at opindex gen-key -Generate a new key pair with dialogs for all options. This is an -extended version of @option{--gen-key}. - - at end ifset There is also a feature which allows you to create keys in batch mode. See the the manual section ``Unattended key generation'' on how to use this. @@ -957,34 +853,6 @@ Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from @option{--edit-key}. - at ifset gpgtwoone - at item --quick-sign-key @code{fpr} [@code{names}] - at itemx --quick-lsign-key @code{name} - at opindex quick-sign-key - at opindex quick-lsign-key -Directly sign a key from the passphrase without any further user -interaction. The @code{fpr} must be the verified primary fingerprint -of a key in the local keyring. If no @code{names} are given, all -useful user ids are signed; with given [@code{names}] only useful user -ids matching one of theses names are signed. The command - at option{--quick-lsign-key} marks the signatures as non-exportable. If -such a non-exportable signature already exists the - at option{--quick-sign-key} turns it into a exportable signature. - -This command uses reasonable defaults and thus does not provide the -full flexibility of the "sign" subcommand from @option{--edit-key}. -Its intended use is to help unattended key signing by utilizing a list -of verified fingerprints. - at end ifset - - at ifclear gpgone - at item --passwd @var{user_id} - at opindex passwd -Change the passphrase of the secret key belonging to the certificate -specified as @var{user_id}. This is a shortcut for the sub-command - at code{passwd} of the edit key menu. - at end ifclear - @end table @@ -1286,13 +1154,7 @@ use the specified keyring alone, use @option{--keyring} along with @item --secret-keyring @code{file} @opindex secret-keyring - at ifset gpgtwoone -This is an obsolete option and ignored. All secret keys are stored in -the @file{private-keys-v1.d} directory below the GnuPG home directory. - at end ifset - at ifclear gpgtwoone Same as @option{--keyring} but for the secret keyrings. - at end ifclear @item --primary-keyring @code{file} @opindex primary-keyring @@ -1308,31 +1170,24 @@ the filename does not contain a slash, it is assumed to be in the GnuPG home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is not used). - at ifset gpgone @anchor{option --homedir} - at end ifset @include opt-homedir.texi - at ifset gpgone @item --pcsc-driver @code{file} @opindex pcsc-driver Use @code{file} to access the smartcard reader. The current default is `libpcsclite.so.1' for GLIBC based systems, `/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X, `winscard.dll' for Windows and `libpcsclite.so' for other systems. - at end ifset - at ifset gpgone @item --disable-ccid @opindex disable-ccid Disable the integrated support for CCID compliant readers. This allows to fall back to one of the other drivers even if the internal CCID driver can handle the reader. Note, that CCID support is only available if libusb was available at build time. - at end ifset - at ifset gpgone @item --reader-port @code{number_or_string} @opindex reader-port This option may be used to specify the port of the card terminal. A @@ -1341,7 +1196,6 @@ devices. The default is 32768 (first USB device). PC/SC or CCID readers might need a string here; run the program in verbose mode to get a list of available readers. The default is then the first reader found. - at end ifset @item --display-charset @code{name} @opindex display-charset @@ -1683,11 +1537,9 @@ are available for all keyserver types, some common options are: "http_proxy" environment variable, if any. - at ifclear gpgtwoone @item max-cert-size When retrieving a key via DNS CERT, only accept keys up to this size. Defaults to 16384 bytes. - at end ifclear @item debug Turn on debug output in the keyserver helper program. Note that the @@ -1696,28 +1548,16 @@ are available for all keyserver types, some common options are: program uses internally (libcurl, openldap, etc). @item check-cert - at ifset gpgtwoone - This option has no more function since GnuPG 2.1. Use the - @code{dirmngr} configuration options instead. - at end ifset - at ifclear gpgtwoone Enable certificate checking if the keyserver presents one (for hkps or ldaps). Defaults to on. - at end ifclear @item ca-cert-file - at ifset gpgtwoone - This option has no more function since GnuPG 2.1. Use the - @code{dirmngr} configuration options instead. - at end ifset - at ifclear gpgtwoone Provide a certificate store to override the system default. Only necessary if check-cert is enabled, and the keyserver is using a certificate that is not present in a system default certificate list. Note that depending on the SSL library that the keyserver helper is built with, this may actually be a directory or a file. - at end ifclear @end table @@ -1735,7 +1575,6 @@ key signer (defaults to 3) @opindex max-cert-depth Maximum depth of a certification chain (default is 5). - at ifclear gpgtwoone @item --simple-sk-checksum @opindex simple-sk-checksum Secret keys are integrity protected by using a SHA-1 checksum. This @@ -1747,7 +1586,6 @@ a security risk. Note that using this option only takes effect when the secret key is encrypted - the simplest way to make this happen is to change the passphrase on the key (even changing it to the same value is acceptable). - at end ifclear @item --no-sig-cache @opindex no-sig-cache @@ -1778,46 +1616,18 @@ process. @option{--no-auto-check-trustdb} disables this option. @item --use-agent @itemx --no-use-agent @opindex use-agent - at ifclear gpgone -This is dummy option. @command{@gpgname} always requires the agent. - at end ifclear - at ifset gpgone Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to the agent before it asks for a passphrase. @option{--no-use-agent} disables this option. - at end ifset @item --gpg-agent-info @opindex gpg-agent-info - at ifclear gpgone -This is dummy option. It has no effect when used with @command{gpg2}. - at end ifclear - at ifset gpgone Override the value of the environment variable @samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has been given. Given that this option is not anymore used by @command{gpg2}, it should be avoided if possible. - at end ifset - at ifclear gpgone - at item --agent-program @var{file} - at opindex agent-program -Specify an agent program to be used for secret key operations. The -default value is the @file{/usr/bin/gpg-agent}. This is only used -as a fallback when the environment variable @code{GPG_AGENT_INFO} is not -set or a running agent cannot be connected. - at end ifclear - - at ifset gpgtwoone - at item --dirmngr-program @var{file} - at opindex dirmngr-program -Specify a dirmngr program to be used for keyserver access. The -default value is @file{/usr/sbin/dirmngr}. This is only used as a -fallback when the environment variable @code{DIRMNGR_INFO} is not set or -a running dirmngr cannot be connected. - at end ifset - @item --lock-once @opindex lock-once Lock the databases the first time a lock is requested @@ -1997,20 +1807,6 @@ Remove all entries from the @option{--group} list. Use @var{name} as the key to sign with. Note that this option overrides @option{--default-key}. - at ifset gpgtwoone - at item --try-secret-key @var{name} - at opindex try-secret-key -For hidden recipients GPG needs to know the keys to use for trial -decryption. The key set with @option{--default-key} is always tried -first, but this is often not sufficient. This option allows to set more -keys to be used for trial decryption. Although any valid user-id -specification may be used for @var{name} it makes sense to use at least -the long keyid to avoid ambiguities. Note that gpg-agent might pop up a -pinentry for a lot keys to do the trial decryption. If you want to stop -all further trial decryption you may use close-window button instead of -the cancel button. - at end ifset - @item --try-all-secrets @opindex try-all-secrets Don't look at the key ID as stored in the message but try all secret @@ -2129,17 +1925,11 @@ opposite meaning. The options are: Include designated revoker information that was marked as "sensitive". Defaults to no. - @c Since GnuPG 2.1 gpg-agent manages the secret key and thus the - @c export-reset-subkey-passwd hack is not anymore justified. Such use - @c cases need to be implemented using a specialized secret key export - @c tool. - at ifclear gpgtwoone @item export-reset-subkey-passwd When using the @option{--export-secret-subkeys} command, this option resets the passphrases for all exported subkeys to empty. This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn't necessarily make sense. Defaults to no. - at end ifclear @item export-clean Compact (remove all signatures from) user IDs on the key being @@ -2170,37 +1960,12 @@ source distribution. @opindex fixed-list-mode Do not merge primary user ID and primary key in @option{--with-colon} listing mode and print all timestamps as seconds since 1970-01-01. - at ifclear gpgone -Since GnuPG 2.0.10, this mode is always used and thus this option is -obsolete; it does not harm to use it though. - at end ifclear - - at ifset gpgtwoone - at item --legacy-list-mode - at opindex legacy-list-mode -Revert to the pre-2.1 public key list mode. This only affects the -human readable output and not the machine interface -(i.e. @code{--with-colons}). Note that the legacy format does not -allow to convey suitable information for elliptic curves. - at end ifset @item --with-fingerprint @opindex with-fingerprint Same as the command @option{--fingerprint} but changes only the format of the output and may be used together with another command. - at ifset gpgtwoone - at item --with-keygrip - at opindex with-keygrip -Include the keygrip in the key listings. - - at item --with-secret - at opindex with-secret -Include info about the presence of a secret key in public key listings -done with @code{--with-colons}. - - at end ifset - @end table @c ******************************************* @@ -2223,13 +1988,11 @@ platforms that have different line ending conventions (UNIX-like to Mac, Mac to Windows, etc). @option{--no-textmode} disables this option, and is the default. - at ifset gpgone If @option{-t} (but not @option{--textmode}) is used together with armoring and signing, this enables clearsigned messages. This kludge is needed for command-line compatibility with command-line versions of PGP; normally you would use @option{--sign} or @option{--clearsign} to select the type of the signature. - at end ifset @item --force-v3-sigs @itemx --no-force-v3-sigs @@ -2383,16 +2146,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies - at ifset gpgone @option{--rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. - at end ifset - at ifclear gpgone - at option{--rfc1991 --disable-mdc --no-force-v4-certs - --escape-from-lines --force-v3-sigs --allow-weak-digest-algos - --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. - at end ifclear It also disables @option{--textmode} when encrypting. This option is deprecated will be removed in GnuPG 2.1. The reason @@ -2493,12 +2249,10 @@ be given in C syntax (e.g. 0x0042). @opindex debug-all Set all useful debugging flags. - at ifset gpgone @item --debug-ccid-driver @opindex debug-ccid-driver Enable debug output from the included CCID driver for smartcards. Note that this option is only available on some system. - at end ifset @item --faked-system-time @var{epoch} @opindex faked-system-time @@ -2749,10 +2503,6 @@ Read the passphrase from file descriptor @code{n}. Only the first line will be read from file descriptor @code{n}. If you use 0 for @code{n}, the passphrase will be read from STDIN. This can only be used if only one passphrase is supplied. - at ifclear gpgone -Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear @item --passphrase-file @code{file} @opindex passphrase-file @@ -2761,10 +2511,6 @@ be read from file @code{file}. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. - at ifclear gpgone -Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear @item --passphrase @code{string} @opindex passphrase @@ -2772,30 +2518,6 @@ Use @code{string} as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it. - at ifclear gpgone -Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear - - at ifset gpgtwoone - at item --pinentry-mode @code{mode} - at opindex pinentry-mode -Set the pinentry mode to @code{mode}. Allowed values for @code{mode} -are: - at table @asis - @item default - Use the default of the agent, which is @code{ask}. - @item ask - Force the use of the Pinentry. - @item cancel - Emulate use of Pinentry's cancel button. - @item error - Return a Pinentry error (``No Pinentry''). - @item loopback - Redirect Pinentry queries to the caller. Note that in contrast to - Pinentry the user is not prompted again if he enters a bad password. - at end table - at end ifset @item --command-fd @code{n} @opindex command-fd @@ -2855,14 +2577,6 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. - at ifclear gpgone - at item --allow-weak-digest-algos - at opindex allow-weak-digest-algos -Signatures made with the broken MD5 algorithm are normally rejected -with an ``invalid digest algorithm'' message. This option allows the -verification of signatures made with such weak algorithms. - at end ifclear - @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that @@ -3026,14 +2740,12 @@ on the configuration file. @table @gnupgtabopt - at ifset gpgone @item --load-extension @code{name} @opindex load-extension Load an extension module. If @code{name} does not contain a slash it is searched for in the directory configured when GnuPG was built (generally "/usr/local/lib/gnupg"). Extensions are not generally useful anymore, and the use of this option is deprecated. - at end ifset @item --show-photos @itemx --no-show-photos @@ -3051,13 +2763,11 @@ Display the keyring name at the head of key listings to show which keyring a given key resides on. This option is deprecated: use @option{--list-options [no-]show-keyring} instead. - at ifset gpgone @item --ctapi-driver @code{file} @opindex ctapi-driver Use @code{file} to access the smartcard reader. The current default is `libtowitoko.so'. Note that the use of this interface is deprecated; it may be removed in future releases. - at end ifset @item --always-trust @opindex always-trust @@ -3113,10 +2823,6 @@ current home directory (@pxref{option --homedir}). Note that on larger installations, it is useful to put predefined files into the directory @file{/etc/skel/.gnupg/} so that newly created users start up with a working configuration. - at ifclear gpgone -For existing users the a small -helper script is provided to create these files (@pxref{addgnupghome}). - at end ifclear For internal purposes @command{@gpgname} creates and maintains a few other files; They all live in in the current home directory (@pxref{option @@ -3130,26 +2836,13 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. - at ifset gpgtwoone @item ~/.gnupg/pubring.kbx - The public keyring using a different format. This file is sharred - with @command{gpgsm}. You should backup this file. - - @item ~/.gnupg/pubring.kbx.lock - The lock file for @file{pubring.kbx}. - at end ifset + @itemx ~/.gnupg/pubring.kbx.lock + A public keyring and its lock file used by GnuPG versions >= 2. + It is ignored by GnuPG 1.x @item ~/.gnupg/secring.gpg - at ifclear gpgtwoone The secret keyring. You should backup this file. - at end ifclear - at ifset gpgtwoone - A secret keyring as used by GnuPG versions before 2.1. It is not - used by GnuPG 2.1 and later. - - @item ~/.gnupg/.gpg-v21-migrated - File indicating that a migration to GnuPG 2.1 has taken place. - at end ifset @item ~/.gnupg/trustdb.gpg The trust database. There is no need to backup this file; it is better @@ -3195,9 +2888,8 @@ Operation is further controlled by a few environment variables: @item GPG_AGENT_INFO Used to locate the gpg-agent. - at ifset gpgone This is only honored when @option{--use-agent} is set. - at end ifset + The value consists of 3 colon delimited fields: The first is the path to the Unix Domain Socket, the second the PID of the gpg-agent and the protocol version which should be set to 1. When starting the gpg-agent @@ -3611,9 +3303,5 @@ these parameters: @mansect see also @ifset isman @command{gpgv}(1), - at ifclear gpgone - at command{gpgsm}(1), - at command{gpg-agent}(1) - at end ifclear @end ifset @include see-also-note.texi commit 3209f270d236fae588edaab3d48fe707eb25641c Author: Werner Koch Date: Mon Sep 29 11:11:30 2014 +0200 doc: Final update from master (gnupg 2.1) * doc/Makefile.am (sources_from_trunk): Remove. (update-source): Make it a dummy. * doc/gpg.texi: Update. * doc/yat2m.c: Update. -- Maintaining 3 versions in of the gpg manual in one file is getting more complicated with 2.1. Thus we stop this now and keep the manual for 1.4 separate. diff --git a/doc/Makefile.am b/doc/Makefile.am index f7601d7..a31f257 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -26,10 +26,6 @@ EXTRA_DIST = DETAILS FAQ \ myman_sources = gpg.texi gpgv.texi myman_pages = gpg.1 gpgv.1 - -sources_from_trunk = $(myman_sources) \ - opt-homedir.texi specify-user-id.texi see-also-note.texi - info_TEXINFOS = gnupg1.texi man_MANS = $(myman_pages) gnupg.7 gpg-zip.1 @@ -83,12 +79,6 @@ dist-hook: @if test "`wc -c < gpg.1`" -lt 200; then \ echo 'ERROR: dummy man page'; false; fi -# Copy shared files from the master branch. We keep the texinfo files -# all in master so that we need to modify only one source. Macros are -# used to customize them for a specific version. update-source: - @set -e; cd $(srcdir); \ - for i in $(sources_from_trunk) yat2m.c ; do \ - echo "updating from master:doc/$$i" >&2 ; \ - git show master:doc/$$i >$$i ; \ - done + @echo Not anymore used - we now keep docs for 1.x separate + @echo from GnuPG-2. diff --git a/doc/gpg.texi b/doc/gpg.texi index 8ea8199..ea6851c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1,4 +1,4 @@ - at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, @c 2008, 2009, 2010 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. @@ -14,6 +14,19 @@ @cindex command options @cindex options, GPG command + at c Begin algorithm defaults + + at ifclear gpgtwoone + at set DEFSYMENCALGO CAST5 + at end ifclear + + at ifset gpgtwoone + at set DEFSYMENCALGO AES128 + at end ifset + + at c End algorithm defaults + + @c Begin GnuPG 1.x specific stuff @ifset gpgone @macro gpgname @@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase). @itemx -c @opindex symmetric Encrypt with a symmetric cipher using a passphrase. The default -symmetric cipher used is CAST5, but may be chosen with the +symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the @option{--cipher-algo} option. This option may be combined with @option{--sign} (for a signed and symmetrically encrypted message), @option{--encrypt} (for a message that may be decrypted via a secret key @@ -408,8 +421,8 @@ removed first. In batch mode the key must be specified by fingerprint. @opindex export Either export all keys from all keyrings (default keyrings and those registered via option @option{--keyring}), or if at least one name is given, -those of the given name. The new keyring is written to STDOUT or to the -file given with option @option{--output}. Use together with +those of the given name. The exported keys are written to STDOUT or to the +file given with option @option{--output}. Use together with @option{--armor} to mail those keys. @item --send-keys @code{key IDs} @@ -424,14 +437,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing. @itemx --export-secret-subkeys @opindex export-secret-keys @opindex export-secret-subkeys -Same as @option{--export}, but exports the secret keys instead. This is -normally not very useful and a security risk. The second form of the -command has the special property to render the secret part of the -primary key useless; this is a GNU extension to OpenPGP and other -implementations can not be expected to successfully import such a key. +Same as @option{--export}, but exports the secret keys instead. The +exported keys are written to STDOUT or to the file given with option + at option{--output}. This command is often used along with the option + at option{--armor} to allow easy printing of the key for paper backup; +however the external tool @command{paperkey} does a better job for +creating backups on paper. Note that exporting a secret key can be a +security risk if the exported keys are send over an insecure channel. + +The second form of the command has the special property to render the +secret part of the primary key useless; this is a GNU extension to +OpenPGP and other implementations can not be expected to successfully +import such a key. Its intended use is to generated a full key with +an additional signing subkey on a dedicated machine and then using +this command to export the key without the primary key to the main +machine. + + at ifset gpgtwoone +GnuPG may ask you to enter the passphrase for the key. This is +required because the internal protection method of the secret key is +different from the one specified by the OpenPGP protocol. + at end ifset @ifclear gpgtwoone -See the option @option{--simple-sk-checksum} if you want to import such -an exported key with an older OpenPGP implementation. +See the option @option{--simple-sk-checksum} if you want to import an +exported secret key into ancient OpenPGP implementations. @end ifclear @item --import @@ -576,14 +605,36 @@ This section explains the main commands for key management @table @gnupgtabopt + at ifset gpgtwoone + at item --quick-gen-key @code{user-id} + at opindex quick-gen-key +This is simple command to generate a standard key with one user id. +In contrast to @option{--gen-key} the key is generated directly +without the need to answer a bunch of prompts. Unless the option + at option{--yes} is given, the key creation will be canceled if the +given user id already exists in the key ring. + +If invoked directly on the console without any special options an +answer to a ``Continue?'' style confirmation prompt is required. In +case the user id already exists in the key ring a second prompt to +force the creation of the key will show up. + at end ifset + @item --gen-key @opindex gen-key -Generate a new key pair. This command is normally only used -interactively. +Generate a new key pair using teh current default parameters. This is +the standard command to create a new key. -There is an experimental feature which allows you to create keys in -batch mode. See the file @file{doc/DETAILS} in the source distribution -on how to use this. + at ifset gpgtwoone + at item --full-gen-key + at opindex gen-key +Generate a new key pair with dialogs for all options. This is an +extended version of @option{--gen-key}. + + at end ifset +There is also a feature which allows you to create keys in batch +mode. See the the manual section ``Unattended key generation'' on how +to use this. @item --gen-revoke @code{name} @opindex gen-revoke @@ -916,12 +967,14 @@ interaction. The @code{fpr} must be the verified primary fingerprint of a key in the local keyring. If no @code{names} are given, all useful user ids are signed; with given [@code{names}] only useful user ids matching one of theses names are signed. The command - at option{--quick-lsign-key} marks the signatures as non-exportable. + at option{--quick-lsign-key} marks the signatures as non-exportable. If +such a non-exportable signature already exists the + at option{--quick-sign-key} turns it into a exportable signature. This command uses reasonable defaults and thus does not provide the full flexibility of the "sign" subcommand from @option{--edit-key}. -Its intended use to help unattended signing using a list of verified -fingerprints. +Its intended use is to help unattended key signing by utilizing a list +of verified fingerprints. @end ifset @ifclear gpgone @@ -1063,6 +1116,13 @@ give the opposite meaning. The options are: see @option{--attribute-fd} for the appropriate way to get photo data for scripts and other frontends. + @item show-usage + @opindex list-options:show-usage + Show usage information for keys and subkeys in the standard key + listing. This is a list of letters indicating the allowed usage for a + key (@code{E}=encryption, @code{S}=signing, @code{C}=certification, + @code{A}=authentication). Defaults to no. + @item show-policy-urls @opindex list-options:show-policy-urls Show policy URLs in the @option{--list-sigs} or @option{--check-sigs} @@ -1226,7 +1286,13 @@ use the specified keyring alone, use @option{--keyring} along with @item --secret-keyring @code{file} @opindex secret-keyring + at ifset gpgtwoone +This is an obsolete option and ignored. All secret keys are stored in +the @file{private-keys-v1.d} directory below the GnuPG home directory. + at end ifset + at ifclear gpgtwoone Same as @option{--keyring} but for the secret keyrings. + at end ifclear @item --primary-keyring @code{file} @opindex primary-keyring @@ -1436,7 +1502,7 @@ Set what trust model GnuPG should follow. The models are: @item classic @opindex trust-mode:classic - This is the standard Web of Trust as used in PGP 2.x and earlier. + This is the standard Web of Trust as introduced by PGP 2. @item direct @opindex trust-mode:direct @@ -2232,7 +2298,7 @@ to consider (e.g. @option{--symmetric}). @item --s2k-cipher-algo @code{name} @opindex s2k-cipher-algo Use @code{name} as the cipher algorithm used to protect secret keys. -The default cipher is CAST5. This cipher is also used for +The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for conventional encryption if @option{--personal-cipher-preferences} and @option{--cipher-algo} is not given. @@ -2302,9 +2368,11 @@ behavior. Note that this is currently the same thing as Reset all packet, cipher and digest options to strict RFC-2440 behavior. + at ifclear gpgtowone @item --rfc1991 @opindex rfc1991 -Try to be more RFC-1991 (PGP 2.x) compliant. +Try to be more RFC-1991 (PGP 2.x) compliant. This option is +deprecated will be removed in GnuPG 2.1. @item --pgp2 @opindex pgp2 @@ -2314,14 +2382,24 @@ a message that PGP 2.x will not be able to handle. Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x available, but the MIT release is a good common baseline. -This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs +This option implies + at ifset gpgone + at option{--rfc1991 --disable-mdc --no-force-v4-certs + --escape-from-lines --force-v3-sigs + --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. + at end ifset @ifclear gpgone ---allow-weak-digest-algos + at option{--rfc1991 --disable-mdc --no-force-v4-certs + --escape-from-lines --force-v3-sigs --allow-weak-digest-algos + --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. + at end ifclear +It also disables @option{--textmode} when encrypting. + +This option is deprecated will be removed in GnuPG 2.1. The reason +for dropping PGP-2 support is that the PGP 2 format is not anymore +considered safe (for example due to the use of the broken MD5 algorithm). +Note that the decryption of PGP-2 created messages will continue to work. @end ifclear ---cipher-algo IDEA --digest-algo -MD5--compress-algo ZIP}. It also disables @option{--textmode} when -encrypting. @item --pgp6 @opindex pgp6 @@ -3086,6 +3164,16 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/secring.gpg.lock The lock file for the secret keyring. + @item ~/.gnupg/openpgp-revocs.d/ + This is the directory where gpg stores pre-generated revocation + certificates. The file name corresponds to the OpenPGP fingerprint of + the respective key. It is suggested to backup those certificates and + if the primary private key is not stored on the disk to move them to + an external storage device. Anyone who can access theses files is + able to revoke the corresponding key. You may want to print them out. + You should backup all files in this directory and take care to keep + this backup closed away. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. @@ -3435,7 +3523,7 @@ sense. Although OpenPGP works with time intervals, GnuPG uses an absolute value internally and thus the last year we can represent is 2105. - at item Ceation-Date: @var{iso-date} + at item Creation-Date: @var{iso-date} Set the creation date of the key as stored in the key information and which is also part of the fingerprint calculation. Either a date like "1986-04-26" or a full timestamp like "19860426T042640" may be used. diff --git a/doc/yat2m.c b/doc/yat2m.c index 2ac4390..f780952 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -87,6 +87,10 @@ detects the number of white spaces in front of an @item and remove this number of spaces from all following lines until a new @item is found or there are less spaces than for the last @item. + + Note that @* does only work correctly if used at the end of an + input line. + */ #include @@ -136,6 +140,9 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of variables set by @set. */ +static macro_t variablelist; + /* List of global macro names. The value part is not used. */ static macro_t predefinedmacrolist; @@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue) } -/* Return true if the macro NAME is set, i.e. not the empty string and - not evaluating to 0. */ +/* Create or update a variable with name and value given in NAMEANDVALUE. */ +static void +set_variable (char *nameandvalue) +{ + macro_t m; + const char *value; + char *p; + + for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++) + ; + if (!*p) + value = ""; + else + { + *p++ = 0; + while (*p == ' ' || *p == '\t') + p++; + value = p; + } + + for (m=variablelist; m; m = m->next) + if (!strcmp (m->name, nameandvalue)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (nameandvalue)); + strcpy (m->name, nameandvalue); + m->next = variablelist; + variablelist = m; + } + m->value = xstrdup (value); +} + + +/* Return true if the macro or variable NAME is set, i.e. not the + empty string and not evaluating to 0. */ static int macro_set_p (const char *name) { @@ -385,6 +428,10 @@ macro_set_p (const char *name) for (m = macrolist; m ; m = m->next) if (!strcmp (m->name, name)) break; + if (!m) + for (m = variablelist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; if (!m || !m->value || !*m->value) return 0; if ((*m->value & 0x80) || !isdigit (*m->value)) @@ -664,8 +711,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, + { "*", 0, "\n.br"}, + { "/", 0 }, { "end", 4 }, { "quotation",1, ".RS\n\\fB" }, + { "value", 8 }, { NULL } }; size_t n; @@ -741,11 +791,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, case 7: ignore_args = 1; break; + case 8: + ignore_args = 1; + if (*rest != '{') + { + err ("opening brace for command '%s' missing", command); + return len; + } + else + { + /* Find closing brace. */ + for (s=rest+1, n=1; *s && n < len; s++, n++) + if (*s == '}') + break; + if (*s != '}') + { + err ("closing brace for command '%s' not found", command); + return len; + } + else + { + size_t len = s - (rest + 1); + macro_t m; + + for (m = variablelist; m; m = m->next) + if (strlen (m->name) == len + &&!strncmp (m->name, rest+1, len)) + break; + if (m) + fputs (m->value, fp); + else + inf ("texinfo variable '%.*s' is not set", + (int)len, rest+1); + } + } + break; default: break; } } - else + else /* macro */ { macro_t m; @@ -1215,6 +1300,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) macrovalue = xmalloc ((macrovaluesize = 1024)); macrovalueused = 0; } + else if (n == 4 && !memcmp (line, "@set", 4)) + { + set_variable (p); + } else if (n == 8 && !memcmp (line, "@manpage", 8)) { free (*section_name); @@ -1325,6 +1414,13 @@ top_parse_file (const char *fname, FILE *fp) free (macrolist); macrolist = next; } + while (variablelist) + { + macro_t next = variablelist->next; + free (variablelist->value); + free (variablelist); + variablelist = next; + } for (m=predefinedmacrolist; m; m = m->next) set_macro (m->name, xstrdup ("1")); cond_is_active = 1; commit ad30b2a4ae06a51f747bbd8a3c0985333295f8c6 Author: Werner Koch Date: Thu Sep 25 09:47:28 2014 +0200 Allow use of --debug-level=LEVEL without '='. * g10/gpg.c (opts): Fix "debug-level". diff --git a/NEWS b/NEWS index 5e12a86..6fb00cd 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 1.4.19 (unreleased) ------------------------------------------------- + * Fix argument parsing for option --debug-level. + Noteworthy changes in version 1.4.18 (2014-06-30) ------------------------------------------------- diff --git a/g10/gpg.c b/g10/gpg.c index dbf2f40..1b0a364 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -518,7 +518,7 @@ static ARGPARSE_OPTS opts[] = { { oOptions, "options", 2, "@"}, { oDebug, "debug" ,4|16, "@"}, { oDebugAll, "debug-all" ,0, "@"}, - { oDebugLevel, "debug-level" ,0, "@"}, + { oDebugLevel, "debug-level" ,2, "@"}, { oStatusFD, "status-fd" ,1, "@"}, { oStatusFile, "status-file" ,2, "@"}, { oAttributeFD, "attribute-fd" ,1, "@" }, ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + doc/Makefile.am | 16 +-- doc/gpg.texi | 384 ++++++++++++------------------------------------------- doc/yat2m.c | 102 ++++++++++++++- g10/gpg.c | 2 +- 5 files changed, 185 insertions(+), 321 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 29 11:50:03 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 29 Sep 2014 11:50:03 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-18-gedd191e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via edd191e5b006dc6ace1d41672e7201cbe58c41c9 (commit) from d33246700578cddd1cb8ed8164cfbba50aba4ef3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit edd191e5b006dc6ace1d41672e7201cbe58c41c9 Author: Werner Koch Date: Mon Sep 29 11:49:50 2014 +0200 doc: Remove GnuPG-1 related parts from gpg.texi. * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info. * doc/gpg.texi: Remove gpg1 related texts. diff --git a/doc/Makefile.am b/doc/Makefile.am index 870aa91..2f048d7 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -60,7 +60,7 @@ DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css -D gpgtwoone YAT2M_OPTIONS = -I $(srcdir) -D gpgtwoone \ - --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" + --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard 2.1" myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ dirmngr.texi scdaemon.texi tools.texi diff --git a/doc/gpg.texi b/doc/gpg.texi index ea6851c..31bdda0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3,10 +3,9 @@ @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. - at c Note that we use this texinfo file for all versions of GnuPG: 1.4.x, - at c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid - at c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only - at c valid for GnupG 2.1 and later. + at c Note that we use this texinfo file for all GnuPG-2 branches. + at c The macro "gpgtwoone" controls parts which are only + at c valid for GnuPG 2.1 and later. @node Invoking GPG @chapter Invoking GPG @@ -27,33 +26,6 @@ @c End algorithm defaults - at c Begin GnuPG 1.x specific stuff - at ifset gpgone - at macro gpgname -gpg - at end macro - at manpage gpg.1 - at ifset manverb -.B gpg -\- OpenPGP encryption and signing tool - at end ifset - - at mansect synopsis - at ifset manverb -.B gpg -.RB [ \-\-homedir -.IR dir ] -.RB [ \-\-options -.IR file ] -.RI [ options ] -.I command -.RI [ args ] - at end ifset - at end ifset - at c End GnuPG 1.x specific stuff - - at c Begin GnuPG 2 specific stuff - at ifclear gpgone @macro gpgname gpg2 @end macro @@ -74,8 +46,7 @@ gpg2 .I command .RI [ args ] @end ifset - at end ifclear - at c Begin GnuPG 2 specific stuff + @mansect description @command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It @@ -84,28 +55,17 @@ OpenPGP standard. @command{@gpgname} features complete key management and all bells and whistles you can expect from a decent OpenPGP implementation. - at ifset gpgone -This is the standalone version of @command{gpg}. For desktop use you -should consider using @command{gpg2} @footnote{On some platforms gpg2 is -installed under the name @command{gpg}}. - at end ifset - - at ifclear gpgone -In contrast to the standalone version @command{gpg}, which is more -suited for server and embedded platforms, this version is commonly -installed under the name @command{gpg2} and more targeted to the desktop -as it requires several other modules to be installed. The standalone -version will be kept maintained and it is possible to install both -versions on the same system. If you need to use different configuration -files, you should make use of something like @file{gpg.conf-2} instead -of just @file{gpg.conf}. - at end ifclear +In contrast to the standalone command gpg from GnuPG 1.x, which is +might be better suited for server and embedded platforms, the 2.x +version is commonly installed under the name @command{gpg2} and +targeted to the desktop as it requires several other modules to be +installed. @manpause - at ifclear gpgone -Documentation for the old standard @command{gpg} is available as a man -page and at @inforef{Top,GnuPG 1,gpg}. - at end ifclear +The old 1.x version will be kept maintained and it is possible to +install both versions on the same system. Documentation for the old +GnuPG 1.x command is available as a man page and at + at inforef{Top,GnuPG 1,gpg}. @xref{Option Index}, for an index to @command{@gpgname}'s commands and options. @mancont @@ -300,12 +260,6 @@ Identical to @option{--multifile --decrypt}. @opindex list-keys List all keys from the public keyrings, or just the keys given on the command line. - at ifset gpgone - at option{-k} is slightly different from @option{--list-keys} in that it -allows only for one argument and takes the second argument as the -keyring to search. This is for command line compatibility with PGP 2 -and has been removed in @command{gpg2}. - at end ifset Avoid using the output of this command in scripts or other programs as it is likely to change as GnuPG changes. See @option{--with-colons} for a @@ -323,10 +277,8 @@ secret key is not usable (for example, if it was created via @item --list-sigs @opindex list-sigs Same as @option{--list-keys}, but the signatures are listed too. - at ifclear gpgone This command has the same effect as using @option{--list-keys} with @option{--with-sig-list}. - at end ifclear For each signature listed, there are several flags in between the "sig" tag and keyid. These flags give additional information about each @@ -346,10 +298,8 @@ command "tsign"). Same as @option{--list-sigs}, but the signatures are verified. Note that for performance reasons the revocation status of a signing key is not shown. - at ifclear gpgone This command has the same effect as using @option{--list-keys} with @option{--with-sig-check}. - at end ifclear The status of the verification is indicated by a flag directly following the "sig" tag (and thus before the flags described above for @@ -358,7 +308,6 @@ successfully verified, a "-" denotes a bad signature and a "%" is used if an error occurred while checking the signature (e.g. a non supported algorithm). - at ifclear gpgone @item --locate-keys @opindex locate-keys Locate the keys given as arguments. This command basically uses the @@ -366,8 +315,6 @@ same algorithm as used when locating keys for encryption or signing and may thus be used to see what keys @command{@gpgname} might use. In particular external methods as defined by @option{--auto-key-locate} may be used to locate a key. Only public keys are listed. - at end ifclear - @item --fingerprint @opindex fingerprint @@ -977,13 +924,11 @@ Its intended use is to help unattended key signing by utilizing a list of verified fingerprints. @end ifset - at ifclear gpgone @item --passwd @var{user_id} @opindex passwd Change the passphrase of the secret key belonging to the certificate specified as @var{user_id}. This is a shortcut for the sub-command @code{passwd} of the edit key menu. - at end ifclear @end table @@ -1308,41 +1253,9 @@ the filename does not contain a slash, it is assumed to be in the GnuPG home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is not used). - at ifset gpgone - at anchor{option --homedir} - at end ifset @include opt-homedir.texi - at ifset gpgone - at item --pcsc-driver @code{file} - at opindex pcsc-driver -Use @code{file} to access the smartcard reader. The current default is -`libpcsclite.so.1' for GLIBC based systems, -`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X, -`winscard.dll' for Windows and `libpcsclite.so' for other systems. - at end ifset - - at ifset gpgone - at item --disable-ccid - at opindex disable-ccid -Disable the integrated support for CCID compliant readers. This -allows to fall back to one of the other drivers even if the internal -CCID driver can handle the reader. Note, that CCID support is only -available if libusb was available at build time. - at end ifset - - at ifset gpgone - at item --reader-port @code{number_or_string} - at opindex reader-port -This option may be used to specify the port of the card terminal. A -value of 0 refers to the first serial device; add 32768 to access USB -devices. The default is 32768 (first USB device). PC/SC or CCID -readers might need a string here; run the program in verbose mode to get -a list of available readers. The default is then the first reader -found. - at end ifset - @item --display-charset @code{name} @opindex display-charset Set the name of the native character set. This is used to convert @@ -1778,36 +1691,19 @@ process. @option{--no-auto-check-trustdb} disables this option. @item --use-agent @itemx --no-use-agent @opindex use-agent - at ifclear gpgone This is dummy option. @command{@gpgname} always requires the agent. - at end ifclear - at ifset gpgone -Try to use the GnuPG-Agent. With this option, GnuPG first tries to -connect to the agent before it asks for a -passphrase. @option{--no-use-agent} disables this option. - at end ifset @item --gpg-agent-info @opindex gpg-agent-info - at ifclear gpgone This is dummy option. It has no effect when used with @command{gpg2}. - at end ifclear - at ifset gpgone -Override the value of the environment variable - at samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has -been given. Given that this option is not anymore used by - at command{gpg2}, it should be avoided if possible. - at end ifset - at ifclear gpgone @item --agent-program @var{file} @opindex agent-program Specify an agent program to be used for secret key operations. The default value is the @file{/usr/bin/gpg-agent}. This is only used as a fallback when the environment variable @code{GPG_AGENT_INFO} is not set or a running agent cannot be connected. - at end ifclear @ifset gpgtwoone @item --dirmngr-program @var{file} @@ -2170,10 +2066,8 @@ source distribution. @opindex fixed-list-mode Do not merge primary user ID and primary key in @option{--with-colon} listing mode and print all timestamps as seconds since 1970-01-01. - at ifclear gpgone Since GnuPG 2.0.10, this mode is always used and thus this option is obsolete; it does not harm to use it though. - at end ifclear @ifset gpgtwoone @item --legacy-list-mode @@ -2223,14 +2117,6 @@ platforms that have different line ending conventions (UNIX-like to Mac, Mac to Windows, etc). @option{--no-textmode} disables this option, and is the default. - at ifset gpgone -If @option{-t} (but not @option{--textmode}) is used together with -armoring and signing, this enables clearsigned messages. This kludge is -needed for command-line compatibility with command-line versions of PGP; -normally you would use @option{--sign} or @option{--clearsign} to select -the type of the signature. - at end ifset - @item --force-v3-sigs @itemx --no-force-v3-sigs @opindex force-v3-sigs @@ -2383,16 +2269,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies - at ifset gpgone - at option{--rfc1991 --disable-mdc --no-force-v4-certs - --escape-from-lines --force-v3-sigs - --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. - at end ifset - at ifclear gpgone @option{--rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs --allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. - at end ifclear It also disables @option{--textmode} when encrypting. This option is deprecated will be removed in GnuPG 2.1. The reason @@ -2493,13 +2372,6 @@ be given in C syntax (e.g. 0x0042). @opindex debug-all Set all useful debugging flags. - at ifset gpgone - at item --debug-ccid-driver - at opindex debug-ccid-driver -Enable debug output from the included CCID driver for smartcards. -Note that this option is only available on some system. - at end ifset - @item --faked-system-time @var{epoch} @opindex faked-system-time This option is only useful for testing; it sets the system time back or @@ -2749,10 +2621,9 @@ Read the passphrase from file descriptor @code{n}. Only the first line will be read from file descriptor @code{n}. If you use 0 for @code{n}, the passphrase will be read from STDIN. This can only be used if only one passphrase is supplied. - at ifclear gpgone + Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear +has also been given. This is different from GnuPG version 1.x. @item --passphrase-file @code{file} @opindex passphrase-file @@ -2761,10 +2632,8 @@ be read from file @code{file}. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. - at ifclear gpgone Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear +has also been given. This is different from GnuPG version 1.x. @item --passphrase @code{string} @opindex passphrase @@ -2772,10 +2641,8 @@ Use @code{string} as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it. - at ifclear gpgone Note that this passphrase is only used if the option @option{--batch} -has also been given. This is different from @command{gpg}. - at end ifclear +has also been given. This is different from GnuPG version 1.x. @ifset gpgtwoone @item --pinentry-mode @code{mode} @@ -2855,13 +2722,11 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. - at ifclear gpgone @item --allow-weak-digest-algos @opindex allow-weak-digest-algos Signatures made with the broken MD5 algorithm are normally rejected with an ``invalid digest algorithm'' message. This option allows the verification of signatures made with such weak algorithms. - at end ifclear @item --no-default-keyring @opindex no-default-keyring @@ -3026,15 +2891,6 @@ on the configuration file. @table @gnupgtabopt - at ifset gpgone - at item --load-extension @code{name} - at opindex load-extension -Load an extension module. If @code{name} does not contain a slash it is -searched for in the directory configured when GnuPG was built -(generally "/usr/local/lib/gnupg"). Extensions are not generally -useful anymore, and the use of this option is deprecated. - at end ifset - @item --show-photos @itemx --no-show-photos @opindex show-photos @@ -3051,14 +2907,6 @@ Display the keyring name at the head of key listings to show which keyring a given key resides on. This option is deprecated: use @option{--list-options [no-]show-keyring} instead. - at ifset gpgone - at item --ctapi-driver @code{file} - at opindex ctapi-driver -Use @code{file} to access the smartcard reader. The current default -is `libtowitoko.so'. Note that the use of this interface is -deprecated; it may be removed in future releases. - at end ifset - @item --always-trust @opindex always-trust Identical to @option{--trust-model always}. This option is deprecated. @@ -3113,10 +2961,8 @@ current home directory (@pxref{option --homedir}). Note that on larger installations, it is useful to put predefined files into the directory @file{/etc/skel/.gnupg/} so that newly created users start up with a working configuration. - at ifclear gpgone -For existing users the a small +For existing users a small helper script is provided to create these files (@pxref{addgnupghome}). - at end ifclear For internal purposes @command{@gpgname} creates and maintains a few other files; They all live in in the current home directory (@pxref{option @@ -3195,9 +3041,7 @@ Operation is further controlled by a few environment variables: @item GPG_AGENT_INFO Used to locate the gpg-agent. - at ifset gpgone - This is only honored when @option{--use-agent} is set. - at end ifset + The value consists of 3 colon delimited fields: The first is the path to the Unix Domain Socket, the second the PID of the gpg-agent and the protocol version which should be set to 1. When starting the gpg-agent @@ -3611,9 +3455,7 @@ these parameters: @mansect see also @ifset isman @command{gpgv}(1), - at ifclear gpgone @command{gpgsm}(1), @command{gpg-agent}(1) - at end ifclear @end ifset @include see-also-note.texi ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 2 +- doc/gpg.texi | 196 ++++++------------------------------------------------- 2 files changed, 20 insertions(+), 178 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Sep 29 18:20:47 2014 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Mon, 29 Sep 2014 18:20:47 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-9-gd275700 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via d2757001c5719ca8c8bd6aa2e2e2d9a299fb76c6 (commit) via d66ad0ba8438a9e6d285228cb62bac9d31678d64 (commit) via d58fa35e89feddb71feeba8e39a016cd37c4be29 (commit) from 1d3f2ac2165a76d0283f5487ff36883720f11169 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2757001c5719ca8c8bd6aa2e2e2d9a299fb76c6 Author: Daniel Kahn Gillmor Date: Mon Sep 29 11:37:55 2014 -0400 GNU calls little-endian powerpc64 powerpc64le, not powerpc64el * src/Makefile.am (lock_obj_pub): fix powerpc64el to powerpc64le * src/sysconfig/lock-obj-pub.powerpc64el-unknown-linux-gnu.h : move to src/sysconfig/lock-obj-pub.powerpc64le-unknown-linux-gnu.h -- 33e5504fbb5e5e2ff44023c0a22dfb668ff8b10f created lock-obj-pub for little-endian powerpc64, but misnamed the patch file as powerpc64el instead of powerpc64le. Sorry for the earlier mistake, this should correct it. See commentary from Helmut Grohne at https://bugs.debian.org/762322#34 Debian-bug-id: 762322 diff --git a/src/Makefile.am b/src/Makefile.am index 62579dc..65f8513 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -57,7 +57,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h \ syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h \ - syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.powerpc64le-unknown-linux-gnu.h \ syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h \ syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h \ diff --git a/src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.powerpc64le-unknown-linux-gnu.h similarity index 100% rename from src/syscfg/lock-obj-pub.powerpc64el-unknown-linux-gnu.h rename to src/syscfg/lock-obj-pub.powerpc64le-unknown-linux-gnu.h commit d66ad0ba8438a9e6d285228cb62bac9d31678d64 Author: Werner Koch Date: Thu Sep 25 17:08:56 2014 +0200 Update error reference. -- diff --git a/doc/errorref.txt b/doc/errorref.txt index f4ff673..666dca6 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt @@ -1,4 +1,6 @@ -grep -n -e ERR_CONFLICT ~/w/{gnupg,libksba,libgcrypt,gpgme,gpa}/*/*.[ch] +# find ~/s/{gnupg,libgpg-error,libksba,libgcrypt,gpgme,gpa} -type f \ +# -name '*.[ch]' -print0 | xargs -0 grep -n GPG_ERR_ + GPG_ERR_UNKNOWN_PACKET Unknown packet @@ -83,7 +85,7 @@ GPG_ERR_NO_PUBKEY No public key does not necessary mean that the certifciate is not available but the specification method may not be usable for the given certificate. May also happen for - certificates somehwere in the chain while validaiting a + certificates somewhere in the chain while validaiting a certificate chain. - The requested encryption certificate was not found. - A certificate specified in a CMS message is not @@ -99,13 +101,21 @@ GPG_ERR_CHECKSUM Checksum error GCRYPT: - Decryption in AESWRAP mode does not match the expected IV. [more to come] -11 GPG_ERR_BAD_PASSPHRASE Bad passphrase +GPG_ERR_BAD_PASSPHRASE Bad passphrase + + GNUPG: - The entered passphrase does not verify + + 12 GPG_ERR_CIPHER_ALGO Invalid cipher algorithm 13 GPG_ERR_KEYRING_OPEN Keyring open 14 GPG_ERR_INV_PACKET Invalid packet 15 GPG_ERR_INV_ARMOR Invalid armor 16 GPG_ERR_NO_USER_ID No user ID -17 GPG_ERR_NO_SECKEY No secret key + +GPG_ERR_NO_SECKEY No secret key + + NTBTLS: - No private key or pre-shared key available. + 18 GPG_ERR_WRONG_SECKEY Wrong secret key used GPG_ERR_BAD_KEY Bad session key @@ -146,14 +156,19 @@ GPG_ERR_VALUE_NOT_FOUND Value not found 29 GPG_ERR_SYNTAX Syntax error 30 GPG_ERR_BAD_MPI Bad MPI value -31 GPG_ERR_INV_PASSPHRASE Invalid passphrase + +GPG_ERR_INV_PASSPHRASE Invalid passphrase + + GNUPG: - Required constraints of the passphrase are not met. + 32 GPG_ERR_SIG_CLASS Invalid signature class 33 GPG_ERR_RESOURCE_LIMIT Resources exhausted 34 GPG_ERR_INV_KEYRING Invalid keyring 35 GPG_ERR_TRUSTDB Trust DB error - GPG_ERR_BAD_CERT Bad certificate +GPG_ERR_BAD_CERT Bad certificate + GPG_ERR_INV_USER_ID Invalid user ID @@ -169,8 +184,10 @@ GPG_ERR_INV_USER_ID Invalid user ID GPG_ERR_WRONG_PUBKEY_ALGO Wrong public key algorithm GNUPG: - The algorithm is not expected. For example a DSA - algorithm is used where a non-DSA algorithm is expected - or vice versa. May indicate an internal error. + algorithm is used where a non-DSA algorithm is expected + or vice versa. May indicate an internal error. + NTBTLS: - Public key type mismatch. The peer presented a + different key type than requested. 42 GPG_ERR_TRIBUTE_TO_D_A Tribute to D. A. @@ -207,6 +224,9 @@ GPG_ERR_INV_ARG Invalid argument GPG_ERR_MISSING_CERT Missing certificate + NTBTLS: - The server needs to send a certifciate but none has been + set. See also GPG_ERR_MISSING_ISSUER_CERT and + GPG_ERR_MISSING_CLIENT_CERT. @@ -230,7 +250,10 @@ GPG_ERR_MISSING_CERT Missing certificate 66 GPG_ERR_TOO_SHORT Provided object is too short 67 GPG_ERR_TOO_LARGE Provided object is too large 68 GPG_ERR_NO_OBJ Missing item in object -69 GPG_ERR_NOT_IMPLEMENTED Not implemented + +GPG_ERR_NOT_IMPLEMENTED Not implemented + + NTBTLS: - The requested feature is not implemented. GPG_ERR_CONFLICT Conflicting use @@ -320,6 +343,7 @@ GPG_ERR_UNSUPPORTED_PROTOCOL Unsupported protocol GPG_AGENT: - Invalid shadow_info protocol (not "t1-v1") LIBKSBA: - Unknown OID of the OCSP response bytes GPGME: - GPGME_PROTOCOL_xxx not supported. + NTBTLS: - Handshake protocol version not supported. 122 GPG_ERR_BAD_PIN_METHOD Bad PIN method @@ -446,7 +470,14 @@ GPG_ERR_INV_CERT_OBJ Invalid certificate object 166 GPG_ERR_LOCALE_PROBLEM A locale function failed 167 GPG_ERR_NOT_LOCKED Not locked 168 GPG_ERR_PROTOCOL_VIOLATION Protocol violation -169 GPG_ERR_INV_MAC Invalid MAC + + +GPG_ERR_INV_MAC Invalid MAC + + The length, algo, or other properties of a MAC are not met. + See also GPG_ERR_BAD_MAC. + + 170 GPG_ERR_INV_REQUEST Invalid request 171 GPG_ERR_UNKNOWN_EXTN Unknown extension 172 GPG_ERR_UNKNOWN_CRIT_EXTN Unknown critical extension @@ -555,6 +586,120 @@ GPG_ERR_MAC_ALGO 199 GPG_ERR_UNFINISHED Operation not yet finished 200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short +201 GPG_ERR_SEXP_INV_LEN_SPEC Invalid length specifier in S-expression +202 GPG_ERR_SEXP_STRING_TOO_LONG String too long in S-expression +203 GPG_ERR_SEXP_UNMATCHED_PAREN Unmatched parentheses in S-expression +204 GPG_ERR_SEXP_NOT_CANONICAL S-expression not canonical +205 GPG_ERR_SEXP_BAD_CHARACTER Bad character in S-expression +206 GPG_ERR_SEXP_BAD_QUOTATION Bad quotation in S-expression +207 GPG_ERR_SEXP_ZERO_PREFIX Zero prefix in S-expression +208 GPG_ERR_SEXP_NESTED_DH Nested display hints in S-expression +209 GPG_ERR_SEXP_UNMATCHED_DH Unmatched display hints +210 GPG_ERR_SEXP_UNEXPECTED_PUNC Unexpected reserved punctuation in S-expression +211 GPG_ERR_SEXP_BAD_HEX_CHAR Bad hexadecimal character in S-expression +212 GPG_ERR_SEXP_ODD_HEX_NUMBERS Odd hexadecimal numbers in S-expression +213 GPG_ERR_SEXP_BAD_OCT_CHAR Bad octal character in S-expression + + + +GPG_ERR_NO_CERT_CHAIN No certificate chain + + NTBTLS: - A CA chain has not been set but is required. + +GPG_ERR_CERT_TOO_LARGE Certificate is too large + + NTBTLS: - A certificate is too large to be used by the protocol. + +GPG_ERR_INV_RECORD Invalid record + + NTBTLS: - An invalid record was received + +GPG_ERR_BAD_MAC The MAC does not verify + + NTBTLS: - MAC verification of the message failed. + +GPG_ERR_UNEXPECTED_MSG Unexpected message + + NTBTLS: - Unexpected message received. + +GPG_ERR_COMPR_FAILED Compression or decompression failed + + NTBTLS: - As the description says. + +GPG_ERR_WOULD_WRAP A counter would wrap + + NTBTLS: - Too many messages exchanged + +GPG_ERR_FATAL_ALERT Fatal alert message received + + NTBTLS: - Fatal alert message received from the peer. + +GPG_ERR_NO_CIPHER No cipher algorithm + + NTBTLS: - Server and client have no algo in common + +GPG_ERR_MISSING_CLIENT_CERT Missing client certificate + + NTBTLS: - No certificate received from client. + +GPG_ERR_CLOSE_NOTIFY Close notification received + + NTBTLS: - Alert with a close notification received + +GPG_ERR_TICKET_EXPIRED Ticket expired + + NTBTLS: - Session ticket has expired. + +GPG_ERR_BAD_TICKET Bad ticket + + NTBTLS: - Bad new session ticket message. + +GPG_ERR_UNKNOWN_IDENTITY Unknown identity + + NTBTLS: - Unknown PSK identify received + +GPG_ERR_BAD_HS_CERT Bad certificate message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_CERT_REQ Bad certificate request message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_CERT_VER Bad certificate verify message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_CHANGE_CIPHER Bad change cipher messsage in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_CLIENT_HELLO Bad client hello message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_SERVER_HELLO Bad server hello message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_SERVER_HELLO_DONE Bad server hello done message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_FINISHED Bad finished message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_SERVER_KEX Bad server key exchange message in handshake + + NTBTLS: - As the description says. + +GPG_ERR_BAD_HS_CLIENT_KEX Bad client key exchange message in handshake + + NTBTLS: - As the description says. + + + GPG_ERR_KEY_DISABLED Key disabled @@ -565,7 +710,7 @@ GPG_ERR_KEY_ON_CARD Not possible with a card based key GNUPG: - The gpg-agent returns this if a DELETE_KEY commands is used for a smartcard based key. -254 GPG_ERR_INV_LOCK_OBJ Invalid lock object +GPG_ERR_INV_LOCK_OBJ Invalid lock object GPGRT: - The provided lock object is not valid. This indicates an internal problem in libgpg-error or more likely a commit d58fa35e89feddb71feeba8e39a016cd37c4be29 Author: Werner Koch Date: Mon Sep 29 17:34:28 2014 +0200 Add error codes for use by a TLS library. diff --git a/NEWS b/NEWS index e3c2097..2e49b0c 100644 --- a/NEWS +++ b/NEWS @@ -1,13 +1,37 @@ Noteworthy changes in version 1.17 (unreleased) [C12/A12/R_] ----------------------------------------------- - * New error source code for TLS protocol libraries. + * New error codes for TLS protocol libraries. * New configure option --enable-build-timestamp. * Interface changes relative to the 1.16 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - GPG_ERR_SOURCE_TLS NEW. + GPG_ERR_SOURCE_TLS NEW. + GPG_ERR_NO_CERT_CHAIN NEW. + GPG_ERR_CERT_TOO_LARGE NEW. + GPG_ERR_INV_RECORD NEW. + GPG_ERR_BAD_MAC NEW. + GPG_ERR_UNEXPECTED_MSG NEW. + GPG_ERR_COMPR_FAILED NEW. + GPG_ERR_WOULD_WRAP NEW. + GPG_ERR_FATAL_ALERT NEW. + GPG_ERR_NO_CIPHER NEW. + GPG_ERR_MISSING_CLIENT_CERT NEW. + GPG_ERR_CLOSE_NOTIFY NEW. + GPG_ERR_TICKET_EXPIRED NEW. + GPG_ERR_BAD_TICKET NEW. + GPG_ERR_UNKNOWN_IDENTITY NEW. + GPG_ERR_BAD_HS_CERT NEW. + GPG_ERR_BAD_HS_CERT_REQ NEW. + GPG_ERR_BAD_HS_CERT_VER NEW. + GPG_ERR_BAD_HS_CHANGE_CIPHER NEW. + GPG_ERR_BAD_HS_CLIENT_HELLO NEW. + GPG_ERR_BAD_HS_SERVER_HELLO NEW. + GPG_ERR_BAD_HS_SERVER_HELLO_DONE NEW. + GPG_ERR_BAD_HS_FINISHED NEW. + GPG_ERR_BAD_HS_SERVER_KEX NEW. + GPG_ERR_BAD_HS_CLIENT_KEX NEW. Noteworthy changes in version 1.16 (2014-09-18) [C12/A12/R2] diff --git a/src/err-codes.h.in b/src/err-codes.h.in index 3459a56..9274530 100644 --- a/src/err-codes.h.in +++ b/src/err-codes.h.in @@ -247,7 +247,34 @@ 212 GPG_ERR_SEXP_ODD_HEX_NUMBERS Odd hexadecimal numbers in S-expression 213 GPG_ERR_SEXP_BAD_OCT_CHAR Bad octal character in S-expression -# 214 to 251 are free to be used. +# 214 to 225 are free to be used. + +226 GPG_ERR_NO_CERT_CHAIN No certificate chain +227 GPG_ERR_CERT_TOO_LARGE Certificate is too large +228 GPG_ERR_INV_RECORD Invalid record +229 GPG_ERR_BAD_MAC The MAC does not verify +230 GPG_ERR_UNEXPECTED_MSG Unexpected message +231 GPG_ERR_COMPR_FAILED Compression or decompression failed +232 GPG_ERR_WOULD_WRAP A counter would wrap +233 GPG_ERR_FATAL_ALERT Fatal alert message received +234 GPG_ERR_NO_CIPHER No cipher algorithm +235 GPG_ERR_MISSING_CLIENT_CERT Missing client certificate +236 GPG_ERR_CLOSE_NOTIFY Close notification received +237 GPG_ERR_TICKET_EXPIRED Ticket expired +238 GPG_ERR_BAD_TICKET Bad ticket +239 GPG_ERR_UNKNOWN_IDENTITY Unknown identity +240 GPG_ERR_BAD_HS_CERT Bad certificate message in handshake +241 GPG_ERR_BAD_HS_CERT_REQ Bad certificate request message in handshake +242 GPG_ERR_BAD_HS_CERT_VER Bad certificate verify message in handshake +243 GPG_ERR_BAD_HS_CHANGE_CIPHER Bad change cipher messsage in handshake +244 GPG_ERR_BAD_HS_CLIENT_HELLO Bad client hello message in handshake +245 GPG_ERR_BAD_HS_SERVER_HELLO Bad server hello message in handshake +246 GPG_ERR_BAD_HS_SERVER_HELLO_DONE Bad server hello done message in hanshake +247 GPG_ERR_BAD_HS_FINISHED Bad finished message in handshake +248 GPG_ERR_BAD_HS_SERVER_KEX Bad server key exchange message in handshake +249 GPG_ERR_BAD_HS_CLIENT_KEX Bad client key exchange message in handshake + +# 250 and 251 are free to be used. 252 GPG_ERR_KEY_DISABLED Key disabled 253 GPG_ERR_KEY_ON_CARD Not possible with a card based key diff --git a/src/err-sources.h.in b/src/err-sources.h.in index 9a06c8f..13ca454 100644 --- a/src/err-sources.h.in +++ b/src/err-sources.h.in @@ -46,7 +46,7 @@ 14 GPG_ERR_SOURCE_G13 G13 15 GPG_ERR_SOURCE_ASSUAN Assuan -17 GPG_ERR_SOURCE_TLS TLS +17 GPG_ERR_SOURCE_TLS TLS # 15 to 30 are free to be used. ----------------------------------------------------------------------- Summary of changes: NEWS | 28 +++- doc/errorref.txt | 167 ++++++++++++++++++-- src/Makefile.am | 2 +- src/err-codes.h.in | 29 +++- src/err-sources.h.in | 2 +- ...> lock-obj-pub.powerpc64le-unknown-linux-gnu.h} | 0 6 files changed, 212 insertions(+), 16 deletions(-) rename src/syscfg/{lock-obj-pub.powerpc64el-unknown-linux-gnu.h => lock-obj-pub.powerpc64le-unknown-linux-gnu.h} (100%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 30 12:40:02 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 30 Sep 2014 12:40:02 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-114-g51dae8c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 51dae8c8c4b63bb5e1685cbd8722e35342524737 (commit) from 8b960a807d168000d2690897a7634bd384ac1346 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51dae8c8c4b63bb5e1685cbd8722e35342524737 Author: Werner Koch Date: Mon Sep 29 17:34:28 2014 +0200 mac: Fix gcry_mac_close to allow for a NULL handle. * cipher/mac.c (_gcry_mac_close): Check for NULL. -- We always allow this for easier cleanup. actually the docs already tell that this is allowed. diff --git a/cipher/mac.c b/cipher/mac.c index 30117b9..e5131ed 100644 --- a/cipher/mac.c +++ b/cipher/mac.c @@ -336,7 +336,8 @@ _gcry_mac_open (gcry_mac_hd_t * h, int algo, unsigned int flags, void _gcry_mac_close (gcry_mac_hd_t hd) { - mac_close (hd); + if (hd) + mac_close (hd); } ----------------------------------------------------------------------- Summary of changes: cipher/mac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Sep 30 12:41:41 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 30 Sep 2014 12:41:41 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.2-3-gd4b8678 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via d4b86782debb93773ed1ccb9f8c1a230ff6e84f8 (commit) from e189934b7e240e405421fcabfe4b0b68ca7a8350 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4b86782debb93773ed1ccb9f8c1a230ff6e84f8 Author: Werner Koch Date: Mon Sep 29 17:34:28 2014 +0200 mac: Fix gcry_mac_close to allow for a NULL handle. * cipher/mac.c (_gcry_mac_close): Check for NULL. -- We always allow this for easier cleanup. actually the docs already tell that this is allowed. diff --git a/cipher/mac.c b/cipher/mac.c index fa36c7d..d87ac13 100644 --- a/cipher/mac.c +++ b/cipher/mac.c @@ -330,7 +330,8 @@ _gcry_mac_open (gcry_mac_hd_t * h, int algo, unsigned int flags, void _gcry_mac_close (gcry_mac_hd_t hd) { - mac_close (hd); + if (hd) + mac_close (hd); } ----------------------------------------------------------------------- Summary of changes: cipher/mac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org